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Will SOA Become 
The New Siloed App? 



BY JENNIFER DEJONG 

Siloed applications were sup- 
posed to be a thing of the past. 
But the very technology intend- 
ed to replace separate business 
systems that don't work togeth- 
er may well be creating new 
silos of its own. 

"SOA is silo-based," 
said Ryan Berg, co- 
founder and chief scientist for 
application security tool maker 
Ounce Labs. So far, service- 
oriented architecture (SOA) 
has been adopted on largely a 
departmental basis, creating 
departmental SO As that func- 
tion much the same way appli- 
cation silos do, he said. 

Standing in the way of broad- 
er, enterprisewide SOA adop- 
tion are some technology issues, 
such as the relative immaturity 
of some Web services standards, 
noted Berg. But the bigger 
roadblock that keeps SOA from 



ANALYSIS 



moving beyond department- 
level projects are the cultural 
and turf issues that come up 
when a company decides to 
replace traditional applications 
with a set of business services 
that can be coupled and decou- 
pled to carry out multi- 
ple different business 
processes, said research 
analysts and SOA consultants. 

SOA projects have been 
implemented largely on a 
departmental basis because that 
approach is workable, said ana- 
lyst Rob Enderle, who runs The 
Enderle Group. "But when you 
move away from a hierarchical 
structure, where one manager 
dictates, to a situation where 
two [or more groups] are 
brought together, SOA is vastly 
more difficult." 

Challenges that arise range 
from getting buy-in from team 
continued on page 14 ► 



Sweeping GPL Rewrite 
Takes on Patent Issues 

Latest license revision addresses Microsoft-Novell deal 



BY ALEX HANDY 

The Free Software Foundation 
on March 28 released the third 
draft of its General Public 
License version 3, containing 
some of the most sweeping 
changes yet introduced to the 
public license. Some of the 
changes were designed to pre- 
vent agreements such as the one 
struck in November by Novell 
and Microsoft limiting patent 
protection for SUSE Linux users. 
In fact, the document now 
contains an entirely new opening 
sentence: "The GNU General 



Public License is a free, copyleft 
license for software and other 
kinds of works." This new intro- 
ductory statement is intended 
to reinforce the fact that the 
GPL can be used to license non- 
software works. 

But software is still the defin- 
itive focus of the new GPL. 
Simon Phipps, Sun Microsys- 
tems' chief open source officer, 
said that he is particularly enam- 
ored with the new limits placed 
on the clauses pertaining to digi- 
tal rights management. 

"I like the fact that the DRM 



provisions have been scaled back 
to apply only to user products," 
said Phipps. He said that the pre- 
vious DRM provisions had 
threatened the usage patterns of 
corporate GPL users, and the 
FSF appears to agree. 

In a statement issued along- 
side the release of GPLv3 draft 
3, the FSF included explana- 
tions for many of the changes 
included. On the subject of the 
DRM changes, the FSF wrote: 
"In our discussions with compa- 
nies and governments that use 
continued on page 24 ► 



A Prototype for Browser Compatibility 



BY ALEX HANDY 

In the 1980s, the variety of operat- 
ing systems used around the world 
necessitated reworking, recompil- 
ing and rewriting of corporate 
code for compatibility reasons. 
Today, the field of competing 
operating systems has narrowed, 
but the Web has created new 
wrinkles of inconsistency and idio- 
syncrasy for modern coders. 

Whereas the problem used to 
be compatibility with operating 
systems, the problem for the past 
decade has been compatibility 
with the browser. That's why a 
group of open source developers 
is expanding the scope of Proto- 
type.js, a framework for building 
cross-browser applications in 
JavaScript. 

Despite the original intent for 
the Web to be a platform-inde- 



pendent method of information 
exchange, the current state of 
divergence among Firefox, 
Internet Explorer, Konquerer, 
Opera and Safari has created a 
great deal of work for JavaScript 
programmers. One such pro- 



grammer is Tobie Langel, a core 
member of the Prototype.js 
team. A musician by trade, he's 
originally from Switzerland but is 
now based in Montreal. 

Langel was not a JavaScript 
continued on page 21 ► 



W3C Reviews Service Modeling 



BY DAVID WORTHINGTON 

A cadre of the industry's most 
influential companies are advo- 
cating for a uniform way to mod- 
el applications, networks, servers 
and other IT resources in XML. 

BEA Systems, BMC Soft- 
ware, CA, Cisco Systems, Dell, 
EMC, Hewlett-Packard, IBM, 
Microsoft and Sun Microsystems 
submitted the Service Modeling 
Language (SML) to the W3C for 
recommendation on Feb. 28. 



SML attempts to solve the 
predicament of having multiple 
methods to describe the same IT 
resource; this duplication requires 
a translation process to interpret 
technical details. The translation is 
not always foolproof, the sponsors 
of SML say, and misinterpreta- 
tions can raise costs and increase 
system complexity. 

According to the specification, 
SML addresses the problem of 
continued on page 24 ► 



IN THIS ISSUE 

Google Web Toolkit Recompiled 3 

Orcas Spotted on the Horizon 5 

RIA Pioneer Curl Rides Again 6 

Microsoft, Google Join AJAX Alliance 12 

Novell Continues Linux Makeover 18 

Linux as a RTOS? 31 



€>% 



) 




SD West Bears 
Development Fruit 



BINSTOCK: Trends in Java 

O'BRIEN: A Pwn in the Game of Life 



.41 
.41 



RUBINSTEIN: It's Time for Your Review 42 



www.sdtimes.com 



. Software Development Times . April 15, 2007 



NEWS 



With GWT 1.4 r Higher Speeds Lead to Mashups 

Revamped open source toolkit improves compiling, adds rich text 



BY ALEX HANDY 

After shifting the development 
of its Web toolkit from a closed 
process to an open one, Google's 
Java-to-JavaScript translation 
framework should be speedier 
when the forthcoming version 
1.4 arrives in mid-May. 

Bruce Johnson, technical 
lead on the Google Web Toolkit 
project, said that the new ver- 
sion will include many useful 
improvements for developers. 

"In the 1.4 release, we're 
going to have rich text in a form 
that works with most browsers," 
said Johnson. That means 
developers will have the ability 
to place highly capable text 
input boxes into their Web 
applications; GWT text boxes 
are closer to Microsoft Word 
than Notepad. "There's a vari- 
ety of other widgets [that] peo- 
ple will find pretty interesting, 
such as internationalization. 



That lets you handle utility 
functions, like date and number 
parsing that works for different 
locales." 

GWT 1.4 will also feature a 
revamped compiler. "If you 
compile with the new version, 
your applications can be 10 to 
20 percent smaller. There are 
additional options where all 
you do is recompile and your 
code gets faster. You could 
imagine, [that] if you wrote 
20,000 lines of code in hand- 
written JavaScript, there's only 
so much you can do to optimize 
by hand," said Johnson, adding 
that compiler-based optimiza- 
tions are better suited to large 
applications. 

But the new version of GWT 
may take longer to finish than 
previous versions. "This is our 
first cycle where we've done 
everything publicly," said John- 
son. "It's been a little harder to 




'This is our first cycle where 
we've done everything 
publicly. It's been a little 
harder to schedule/ 




—Bruce Johnson, technical lead on the 
Google Web Toolkit project 



schedule. Before, we've been 
able to make decisions quickly, 
but there's a lot of benefit to 
getting input from everyone in 
the community." He added, 
"On the other hand, it may 
take. . .a few weeks to resolve" a 
single item. 

Some of those choices offer 
entirely new ideas in optimiza- 
tion and ease of use. One new 
feature in version 1.4 is the abil- 
ity to bring dozens of smaller 



images into a single larger file. 
Rather than multiple HTTP 
requests to the client in order 
to load interface buttons and 
banners, explained Johnson, 
GWT can send a single file, 
then show the client how to 
automatically cut and crop the 
image into each position. The 
overall effect is a decrease in 
server requests and a more effi- 
cient use of bandwidth. 

Other additions to GWT 1.4 



include new toggle buttons, 
screen dividers for the dynamic 
portioning of browser windows, 
support for non-HTML code in 
tabs, and other widgets that 
increase usability. 

But the most important 
change in GWT 1.4 is behind 
the scenes, opening the door to 
mashups. "In 1.3, you could 
only fetch your compile from 
the same [server] that hosted 
the page," said Johnson. "Now 
we can include the full 
JavaScript in the page, in a 
script tag. It's a step on the way 
to doing free-for-all mashups in 
GWT. It's not necessarily true 
that you can take [any] two 
applications and mash them 
together," said Johnson, stating 
that internal application mech- 
anics can differ. But, he added, 
this change finally makes it 
possible to mash up GWT 
applications. I 



BEA Shows Off New Web Tools 

Collaborative Web-based work environments to debut in June 



BY ALEX HANDY 

BEA Systems jumped into the 
enterprise mashups world in 
March, when it introduced a 
Web site that shows off its forth- 
coming Web 2.0 enterprise 
Web tools. The en.terpri.se site 
offers the first glimpse of three 
new products that contain both 
developer-facing and end-user- 
centric collaborative work envi- 
ronments. The three new 
members of the Aqualogic fam- 
ily are standalone Web applica- 
tions but can be integrated 
with the existing BEA portal 
software. 

BEA product marketing 
director Ajay Gandhi explained 
that Plumtree, which BEA 
acquired in August 2005, origi- 
nally developed the en.terpri.se 
tools and that they were part of 
the reason for the deal. All 
three are scheduled to become 
generally available in June; the 
only platform requirement is a 
Java application server that sup- 
ports portlets. 

The first tool, said Gandhi, 
is BEA Aqualogic Pages. "It's a 
Web page authoring system 
and an application builder for 
end users in marketing, IT, 
sales, etc," said Gandhi. "It 
comes with a palette of drag- 
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BEA's new en.terpri.se Web environments allow developers to build mashups from internal and external sources. 



and-drop components for 
building data-driven applica- 
tions, like blogs and wikis. 
Users can add data to their 
applications directly from, say, 
an ERP or CRM system. Then 
you can wire that info up [to] 
other components on the 
page. At the same time, the 



product has underlying gover- 
nance and management con- 
trol for IT. It gives the end 
users the flexibility of this new 
application to work with data 
that was previously in siloed 
applications." 

But end users are not the 
only ones who get in on the 



en.terpri.se action. Developers 
are the target of BEA Aqualog- 
ic Ensemble. Essentially, it's a 
Web-based platform for build- 
ing connectors to external 
applications; Ensemble helps 
developers and IT workers 
build reusable widgets for 
polling data and information 



from internal applications. The 
tool also includes support for 
single sign-on, through LDAP 
and other internal security sys- 
tems. 

The final piece of the 
en.terpri.se puzzle is BEA 
Aqualogic Pathways. Inspired 
by the popular social book- 
marking site del.icio.us, Path- 
ways offers similar capabilities 
around internally hosted docu- 
ments and information. Pages 
and documents held in enter- 
prise repositories can be cate- 
gorized, bookmarked and des- 
ignated with metatags by 
enterprise users. The software 
then assesses the value of the 
meta-information attached to 
the file, in a manner similar to 
the Google page ranking sys- 
tem. But there is one major 
twist, said Gandhi. 

"[Pathway's] Activity rank is 
a new approach to ranking the 
relevance of both content and 
people. It's based on [the] 
explicit usage of the system: 
Who's opening the document as 
they use the system? What are 
the ranks and scores of people 
tagging the document? In an 
enterprise, you don't have doc- 
uments linking to each other, 
but you do have people, so we 
capture that info and use that to 
score the documents and the 
people themselves to discover 
how relevant they are to the 
system," said Gandhi. I 
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Orcas Watch Expected to Pay Off This Year 

Beta versions of Orcas due by summer; J# development will be phased out in future 



BY DAVID WORTHINGTON 

The long wait for Orcas is almost 
over. The Visual Studio team in 
late March published an updat- 
ed road map on its Web site that 
details the product line s release 
schedule for the remainder of 
the year, covering Visual Studio, 
Visual Studio Team System, and 
Visual Studio s tools for database 
professionals. 

The first beta bits of Orcas, 
the next generation of the Visual 
Studio development environ- 
ment, will become available this 
spring, with a refresh of the beta 
expected by midyear. Orcas will 
be Microsoft's preferred IDE 
for building Windows Vista and 
Office 2007 "ribbon'-styled 
applications. 

As of March 28, no firm ship 
date was listed for Orcas, but Mi- 
crosoft spokespeople confirmed 
it would be released to manufac- 
turing before the end of the year. 

NEXT UP: ROSARIO 

The next major release of Visual 
Studio Team System is code- 
named Rosario, and it will follow 
Orcas. Rosario s key improve- 
ments are in the areas of project 
management, change manage- 
ment, source control, test cre- 
ation and automation, and 
remote access to projects. 

A pair of so-called "Power 
Tools" — for Visual Studio Team 
Foundation Server and Visual 
Studio Team Edition (VSTE) for 
Database Professionals — has 
been added to the road map, 
without any specified release 
date. The MSDN Web site 
states that the Visual Studio 
Power Tools will arrive "out-of- 
band" from major Visual Studio 
Team System releases, and that 
some will be included in a future 
edition of Visual Studio Team 
System. "Power Tools" replaces 
"Power Toys" as the moniker for 
this class of add-ons. 

The first service pack for 
VSTE for Database Profession- 
als is projected to ship by mid- 
2007. It will add new features 
for database references, better 
support for three- and four-part 
naming to reduce warnings in 
the error list, and file group 
support enhancements. 

Redmond is planning an 
upgrade to the Visual J# redis- 
tributable that will add 64-bit 
runtime support, according to 
the description on the J# page on 
the MSDN Web site. The 



update, Visual J# 2.0 Redistrib- 
utable Second Edition, will 
enable J# code to be compiled to 
run natively on 64-bit versions of 
Windows and .NET, including 



the 2.0, 3.0 and the Orcas-linked 
3.5 versions of .NET The Visual 
J# update will be released in the 
second quarter of this year, and 
supported through 2017. 



J# and the Java Language 
Conversion Assistant tool were 
phased out of Visual Studio 
offerings as of the January Orcas 
CTP The company's J# Web 



site notes the decision to forgo 
future development was based 
on customer feedback; the J# 
feature set meets customer 
needs, and J# usage is declining.! 
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Rich Internet Pioneer Ready to Ride Again 

Curl says platform best for getting enterprise-class apps onto Web 



BY DAVID RUBINSTEIN neer, is looking to bounce back 

A good curl will always bounce into the consciousness of the 

back. As such, Curl Corp., a rich North American market with 

Internet application (RIA) pio- the relaunch of its platform at 



the Web 2.0 Expo in mid-April. just about eliminating page 
Being positioned as a plat- refreshes anymore. The plat- 
form for business-critical, client/ form, according to vice presi- 
server applications, Curl isn't dent of product strategy 
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Richard Treadway, is best suit- 
ed for applications that must be 
Web-enabled, require highly 
complex user interfaces, need 
support for enterprise-class 
data sets, and be high-perfor- 
mance and highly secure. 

Curl was born out of an MIT 
content language project begun 
in 1995 and was an early advo- 
cate of what was then being 
called "the executable Internet." 
The company was purchased by 
the Japanese software company 
Sumisho in 2000, and it has 
gained more than 300 customers 
in Asia for the Curl platform, 
which consists of the language, a 
runtime and an IDE. 

"AJAX has limitations as a 
software development medi- 
um," said Bert Halstead, the 
chief architect who has been 
with the company since 1998, 
when it was spun out of MIT. "It 
runs differently in every brows- 
er. [The developer] has no con- 
trol over the delivery platform." 

Halstead said Curl believes 
there needs to be a set of fea- 
tures targeting how applications 
perform, in terms of speed, the 
size of data sets they can han- 
dle, whether you can work with 
them offline as well as online, 
and whether or not they scale. 
The object-oriented language is 
a rich one, Halstead said, for 
work with GUI layouts, markup 
text and scripting. "People who 
understand about object-ori- 
ented programming have no 
problem becoming productive 
in Curl," he said. 

He compared the runtime to 
Adobes Reader or Flash, with 
thousands of built-in APIs. As 
to the argument that requiring 
client software limits who can 
use the applications and how 
they can be used, Halstead said, 
"Enterprises don't seem to 
complain about having to 
implement the runtime." The 
IDE, Halstead said, includes a 
visual layout editor and source 
code control integration. 

Halstead explained that 
when you click, for example, to 
launch an EIS application, the 
server recognizes the applica- 
tion as a Curl app and returns 
the application to the client, 
which invokes a Curl plug-in. 
The runtime compiles the EIS 
source code into a full EIS 
application that can exchange 
data with the server. "This 
approach economizes the work 
the server does," Halstead said. 
"It's not rendering pages; it's 
just feeding data." Curl can 
handle a myriad of protocols, 
he added. I 
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Fortran Pioneer John W. Backus Dies at 82 



BY DAVID WORTHINGTON 

John W. Backus, who assem- 
bled the team that developed 
the Fortran programming lan- 
guage, passed away at his home 
in Ashland, Ore., on March 17. 
Backus was widely hailed for 



his contributions to modern 
computer programming during 
the 1950s and throughout his 
lifetime. He was 82. 

Communicating human 
needs to computers during the 
formative years of program- 



ming was an intricate process 
that required broad knowl- 
edge of machine language. 
Fortran, the world's first high- 
level compiler programming 
language, changed that. It 
added a level of abstraction 



above binary code that broke 
down the wall for generations 
of programmers. 

Backus is also recognized for 
developing the Backus-Naur 
Form notation to define formal 
syntax, and spent much of his 
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life researching functional-level 
programming. 

Despite his many accom- 
plishments, Backus is quoted in 
the July-August 1979 edition 
of Think, the IBM employee 
magazine, as modestly saying: 
"Much of my work has come 
from being lazy... I didn't like 
writing programs." 

His death was announced by 
daughter Karen Backus and 
attributed to old age. 

A STORIED LIFE 

According to the Think article, 
Backus was born in Philadel- 
phia in 1924 and attended a 
local preparatory school, where 
he was a self-admitted rule- 
breaker. He later enrolled in 
the University of Virginia, but 
left after six months, and soon 
after was drafted into the U.S. 
Army. His impressive aptitude 
test scores compelled the Army 
to encourage Backus to contin- 
ue his education. 

Consequently, Backus stud- 
ied medicine, but switched his 
concentration to radio engi- 
neering to satisfy his intellectu- 
al curiosity. He eventually set- 
tled into mathematics and 
earned a masters degree from 
Columbia University in New 
York. This set the path for his 
career at IBM. 

A casual visit to IBM's Man- 
hattan office secured Backus' 
place in history. In 1950, he 
went to view an early calcula- 
tor — composed of more than 
13,000 vacuum tubes. He was 
whisked upstairs after telling 
the tour guide that he was a 
qualified mathematician. IBM 
engineer Rex Seeber, inventor 
of the machine, hired Backus 
on the spot after giving him 
an impromptu test, Backus 
recalled in his interview with 
Think. 

Backus and his team of 
proto-hackers began working 
on Fortran in 1954, and within 
three years had written the first 
manual and compiler. The lan- 
guage was a fundamental part 
of university computer science 
programs through the 1970s 
and 1980s. 

Backus remained an IBM 
employee until his retirement 
in 1991. During his tenure at 
IBM, he received the ACM 
Turing Award in 1977, the 
National Medal of Science in 
1975, the 1993 Charles Stark 
Draper Prize and was named an 
IBM fellow in 1963. I 
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Tangosol Connects .NET to the Grid 



BY DAVID WORTHINGTON 

.NET is dancing, thanks to Tan- 
gosol, which introduced a new 
library on March 20 that allows 
.NET applications to access the 
company's Coherence clustered 



services, which manage data in 
memory across data grids. 

The Coherence for .NET 
library connects to clustered 
service instances — data, data 
events and data processing — 



running within the cluster via a 
TCP/IP communications layer 
and intermediary service layer. 
The Coherence library allows 
native connectivity for Visual 
Basic .NET and C# applications 



to a Coherence data grid, sup- 
porting the full feature set of 
Coherence Data Client and 
Real Time Client. 

Tangosol claims that using 
data grids scales application 
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EASY to USE 

ActiveReports features an easy-to-use, banded, fully integrated report designer with built- 
in wizards, integrated toolbars, report explorer window, print preview with bookmarks, 
text search and thumbnails, a full-featured chart control, and a detailed help file. With 
ActiveReports, it is easy to create the kinds of reports you need-from the most basic to the 
most complicated reports. 

EASY to LICENSE 

Licensing with ActiveReports for .NET is straightforward and easy to understand. There 
are no hidden costs, no extra licensing fees and no royalties charged for end users. Once 
you install the product after purchase, you are free to create and deploy your reports as 
needed. 

EASY to DEPLOY 

ActiveReports makes deploying your reports and end-user reporting capabilities easy. The 
reporting engine is provided as a single managed, strongnamed assembly. ActiveReports 
allows assemblies to be distributed using XCopy or placed in the Global Assembly Cache 
(GAC). 



Standard Edition 

$599 per developer, royalty free 



Professional Edition 
$ 1 499 per developer, royalty free 



Optimized for 



— ^ Microsoft 

<*>Visual Studio .net 



www.datadynamics.com 

5870 Cleveland Avenue 

Columbus, Ohio 43231 

614-895-3142 

Fax: 614-899-2943 
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performance and enables 
enterprisewide data virtualiza- 
tion, with the added benefits of 
performing grid-based analyt- 
ics, transactions and event pro- 
cessing. 

The data and real-time 
clients provide facilities to 
access grid services and grid 
processing and aggregation. 
They also include features 
for in-process caching, local 
caching, near caching and real- 
time events. In addition, there 
is an HTTP session manage- 
ment plug-in for ASP.NET 2.0, 
and Coherence for .NET sup- 
ports reciprocal access to Java 
objects to and from .NET appli- 
cations. 

Tangosol co-founder Jon 
Purdy explained that Coher- 
ence includes helper classes 
that simplify the setting of "mir- 
rored" serialization routines for 
.NET and Java. "Consider the 
case of transferring a Java "Cus- 
tomer" object to a .NET client: 
The Java server serializes "Cus- 
tomer" to a specific binary for- 
mat before sending to the .NET 
client, and the .NET client 
knows how to deserialize those 
bytes into a .NET "Customer" 
object," said Purdy. I 

TANGOSOL 
ACQUIRED 
BY ORACLE 

The same week it announced 
Coherence for .NET, Tangosol 
was acquired by Oracle. Oracle 
is using Tangosol's in-memory 
data grid software to strength- 
en its extreme transaction 
processing (XTP) middleware. 
XTP creates distributed appli- 
cations that perform grid- 
based in-memory computa- 
tions, real-time analytics and 
high-performance transac- 
tions. The purchase was 
announced on March 23. 

According to a statement 
on Oracle's Web site, Tangosol's 
development and sales teams 
will be retained and will join 
the Oracle development and 
Fusion Middleware Sales staff, 
respectively. Support services 
will be integrated into Oracle's 
Global Support and supple- 
mented by Global Support. 
Likewise, Tangosol marketing 
will by supplemented by Ora- 
cle's Global Marketing and 
Developer programs. 

The merger transaction 
will be closed this month. The 
terms of the agreement are 
undisclosed. 

—David Worthington 
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Multi-Platform User Experience 

NetAdvantage for .NET 2007 Vol. 1 

The ultimate toolset for user interface design and development 

Familiar Uls for your Users - Consistent Windows Forms & ASP.NET Ills, delivering 
Microsoft® Office 2007 styles and many more 

Professional Polish in an Instant - Windows Forms & ASP.NET Application Styling™ includes 
a library of professionally designed pre-defined application styles 

Multi-Platform Accessibility - Infragistics provides Regulatory Compliance 
(US Section 508) across all Windows Forms & ASP.NET controls 

Take Advantage of Advanced Architectures - Technology standards such as CAB for 
Windows Forms, and ASP.NET AJAX and SharePoint® support for web development 
are built into Infragistics NetAdvantage for .NET controls 
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Visualize Data with Style - Over 60 high fidelity 2D/3D Charts for Windows Forms & 
ASP.NET including Office 2007 style points 



learn more: infragistics.com/dotnet 
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NEWS BRIEFS 



, COMPANIES , 



SPI Dynamics has integrated its entire security testing product suite 
with HP's Quality Center platform, which governs quality assurance in 
application environments. Additionally, Telelogic has integrated Sys- 
tem Architect version 10.6, the company's enterprise architecture and 
business process analysis tools, with HP's Universal CMDB, a change 
management database . . . Teamprise is giving away Teamprise 2.1 
licenses to developers that want to access Microsoft's CodePlex open 
source community service. Teamprise is a suite of applications that 
makes Visual Studio 2005 Team Edition accessible from within Eclipse 
and Unix-based platforms. The complimentary licenses may be 
obtained at Teamprise's Web site . . . SOA Software has inked a joint- 
referral agreement with Red Hat to extend Red Hat's open source 
JBoss Enterprise Middleware with SOA's Service Manager and Work- 
Bench products. The aforementioned products perform governance, 
security, mediation and management functions. SOA Software prod- 
ucts are sold on a license basis . . . Eiffel Software is sponsoring a 
community portal that is a repository for tutorials, packages and sam- 
ples for its EiffelStudio IDE. There is also Eiffel-related news, blogs and 
a peer support forum. The community site opened on March 22 
. . . LignUp and Level 3 are joining forces to entice developers to use 
LignUp's development platform for voice-enabled Web applications. 
The LignUp platform allows developers to build and test presence- 
aware VoIP services, applications, mashups, TWikis and portals. The 
enticement is 600 minutes of network access to Level 3's network. 



NEW PRODUCTS 



Compuware launched Test Factory, a quality assurance business mod- 
el that offers features such as functional testing and demand and 
resource management. Test Factory will provide outsourced testing 
service providers with guidance on resolving a range of complex busi- 
ness challenges, according to company officials . . . NexaWeb has 
announced the NexaWeb Starter Kit, a development and deployment 
framework for AJAX and Java applications. The NexaWeb Starter Kit 
is aimed at organizations beginning development with AJAX and oth- 
er Web 2.0 technologies, and includes NexaWeb Studio, the company's 
Eclipse-based AJAX and Java IDE . . . Osellus has made available a 
solution to incorporate IBM's Rational Unified Process (RUP) into 
Microsoft's Visual Studio Team System (VSTS). Osellus' Connect 
Bridge for VSTS, which became available March 27, creates VSTS 
work items that correspond to RUP entities, and translates RUP con- 
tent from IBM's Rational Method Composer. 



UPDATES, 



Advanced Systems Concepts, a company specializing in system soft- 
ware solutions for Linux, OpenVMS, Unix and Windows machines, has 
added a "virtual root" to the new version of ActiveBatch, the compa- 
ny's enterprise job scheduling software. The virtual root in version 6 
allows the creation of access points that give developers login-protect- 
ed access to the jobs and plans appropriate to their job roles 
. . . The Visual Fox Pro team at Microsoft has revealed that there will be 
no VFP 10. Rather, it will release a second Service Pack for VFP 9 this 
summer and continue to build out VFP's extensibility model. New exten- 
sibility features, including the team's "Sedena" project, will be uploaded 
to CodePlex. VFP 9 will be supported until the end of 2015 
. . . ActiveState has released Perl Dev Kit 7.0, an updated version of 
its suite for creating and deploying Perl applications. PDK 7.0 intro- 
duces native support for Mac OS X, and for 64-bit Linux, Solaris and 
Windows. Also included is a hotspot analyzer tool, a PerlApp for mod- 
ule wrapping, and additional Solaris and AIX GUIs. PDK was released 
March 21 . . . Alpha Five Version 8 is immediately available from Alpha 
Software. Alpha Five is a rapid application development platform for 
creating desktop and Web applications that connect to databases. 
Changes include a redesigned user interface, a Web application securi- 
ty framework and SQL connectivity . . . dtSearch has publicly unveiled 
version 7.4 of the dtSearch product line. The new release adds support 
for Microsoft 2007 file types, the XML paper specification and 
Microsoft Windows Vista XMP metadata to dtSearch's index. I 



Microsoft, Google 
Join AJAX Alliance 



BY JEFF FEINMAN 

March's AJAXWorld Confer- 
ence & Expo saw a number of 
new products and updates, as 
many players in the market 
competed to offer the most 
intriguing solutions. But two of 
the industry's biggest horses 
rode away from the 
show with much of the 
attention. I >HUW 

Microsoft and Google 
announced their membership in 
the Open Aj ax Alliance, a group 
created to foster interoperability 
among at least 200 different 
AJAX frameworks. Google was 
one of the 15 companies that 
participated in the discussion 
that led to the alliance in Febru- 
ary 2005, but never signed the 
membership agreement because 
of legal issues, said a company 
spokesman. 

"Microsoft is continuing its 
commitment to empower 
[Web] developers with technol- 
ogy that works cross browser 
and cross platform," Microsoft 
group product manager Kevin 
Smith said in a statement. 
Microsoft's ASP.NET AJAX 
offers seamless integration with 
other technologies, lower train- 
ing costs, and faster delivery of 




Web 2.0 innovations, according 
to the alliance's Web site. 

In other show news, Back- 
base announced a new pricing 
model for its Backbase AJAX 
framework, which allows for the 
development of rich user inter- 
faces for Web apps. Under the 
new pricing model, 
there is a flat fee of 
US$2,000 per develop- 
er seat for Backbase AJAX. 

Backbase CEO Jouk Pleiter 
told SD Times that one of the 
main topics of the show was peo- 
ple's use of JavaScript AJAX pro- 
gramming as a programming 
style. "People are starting to real- 
ize that this kind of development 
can be tough — you need to do it 
cross-browser. It's very labor- 
intensive. JavaScript is a very 
complex programming language, 
and it's not so easy for a main- 
stream developer to be produc- 
tive with it." 

Farata Systems, a provider 
of Flex and Java services and 
components, announced www 
.myflex.org, a community site the 
company said will be a repository 
for commercial Flex components 
and Eclipse plug-ins developed 
by independent vendors. 

Laszlo Systems announced 



A TotalView' of Debugging 



BY JEFF FEINMAN 

After a name change that aligns 
the company with its flagship 
product, TotalView Technolo- 
gies, formerly known as Etnus, 
released on April 2 an updated 
version of its TotalView debug- 
ging tools, and announced a new 
version of the Memoryscape 
memory debugger. The compa- 
ny changed its name to capital- 
ize on the success of its flagship 
product, company officials said. 

TotalView 8 includes new 
features such as C++ breakpoint 
extensions — which let users sus- 
pend the execution of a program 
at a particular location — an im- 
proved source code search path 
for finding source code files, and 
the option to buy the product 
with or without memory debug- 
ging capabilities. 

In addition, on April 30 the 
company will be releasing Mem- 
oryscape 2.0, a standalone mem- 
ory debugger that inspects mem- 



ory problems in C and C++, and 
can be used collaboratively with 
the TotalView debugger, compa- 
ny officials said. The product lets 
users stop their process at any 
point and run a leak detection re- 
port. Memoryscape 2.0 will sup- 
port Message Passing Interface, 
an API that allows message pass- 
ing on parallel computers. 

The company also an- 
nounced plans for a number of 
TotalView products to be re- 
leased in the second half of 
2007. Rich Collier, CEO of 
TotalView, said the company will 
offer tools that will help devel- 
opers with application perfor- 
mance analysis and trace data 
through program execution to 
find data problems. The compa- 
ny will also release a product 
that provides a debugging inter- 
face that will have integration 
capabilities with apps that use 
technologies such as Java and 
AJAX, Collier noted. I 



Laszlo Webtop and OpenLaszlo 
4.0. Laszlo Webtop enables the 
use of a rich internet application 
(RIA) within a browser, with 
built-in windowing and docking 
that allow use of multiple apps 
within a single browser plane, 
and drag-and-drop sharing of 
information. Laszlo claims Open- 
Laszlo 4.0 is the first RIA plat- 
form to support the development 
of apps in both Flash and AJAX. 

Lightstreamer, provider of 
a streaming engine based on 
Streaming AJAX, announced 
Moderato, a free version of its 
push server for live data distrib- 
ution. Streaming AJAX allows 
Lightstreamer to send textual 
data in real time, and company 
officials said it is ideal for data- 
like stock quotes, news and live 
bids at e-auctions. 

MB Technologies, creator 
of the Bindows AJAX frame- 
work, released InfiView, a devel- 
opment platform that company 
officials said lets developers 
build infinite-sized Web 2.0 
topologies, charts and diagrams. 
InfiView uses AJAX and an open 
platform that allows developers 
to select tools and interfaces. 

Parasoft, meanwhile, an- 
nounced the availability of Web- 
King 6.0, an automated Web 
testing suite that provides testing 
and analysis of Web sites and 
apps to ensure security. New fea- 
tures of Web King 6.0 include the 
ability to determine the origin of 
errors, and JUnit test generation. 

Sun Microsystems an- 
nounced a beta release of Glass- 
Fish 2, an open source develop- 
ment project based on Java EE 
that incorporates enterprise 
functionality from the Java Sys- 
tem Application Server, includ- 
ing administration, clustering 
and load balancing. Sun also 
released the Sun Web Develop- 
er Pack, a toolkit designed for 
simplifying access to open source 
technologies for creating apps 
and RSS feeds more rapidly. 

Visicom Media, a Quebec- 
based tools supplier, announced 
an update to its Dynamic Tool- 
bar. New in Dynamic Toolbar 5 
are an RSS Manager that 
detects RSS feeds and makes 
them available to users, and a 
Dynamic XML Menu that can 
display live information such as 
stock quotes and news. I 





PUERTO RICO: THE OFFSHORE ADVANTAGE IN THE USA 

Puerto Rico: a Unique Entrepreneurial Environment 



PRIDCO, the Puerto Rico Industrial Development Company is committed to help 
you launch your technology operations in Puerto Rico through its specialized 
business development teams offering: 

■ Complimentary site selection services. 

■ Project management support. 

■ Recruitment assistance. 

■ Ready-to-occupy facilities. 

■ Extensive supplier and business service profiles. 

■ One stop customer service team. 

Puerto Rico is the offshore advantage in the U.S.A. 
because of its: 

- Unique Talent 

Over 10,000 science, engineering and technical degrees granted each year. 
Bilingual (English and Spanish) workforce. 

- U.S. Citizenship 

The benefits and protections of operating within a U.S.A. jurisdiction (no 
International Trade in Arms Regulation "ITAR" restrictions, no customs, no 
currency exchange). 

~ Strategic Location 

Located at the intersection of trade routes from both North America and 
Europe, to Latin America and the Caribbean. Its vast air, sea and land 
transportation systems, makes it the transportation hub of the Americas. 



~ Innovation and Infrastructure 

Over $ 110M per year in federally - funded research. Internet2 
telecommunications research infrastructure. FCC - regulated competitive 
telecommunications environment. 

~ Profits and Competitiveness 

#1 cost competitive location in the United States according to KPMG's 2004 
Competitive Alternatives study. Unsurpassed federal tax benefits. 

Global Companies leading the way 
in Puerto Rico: 



Lockhee d Martin 

Hewlett Packard 
Pratt & Whitney 
Microsoft 
Honeywell Ae rospace 

Oracle 
Hamilton Sundstrand 



PRIDCO 

COMMONWEALTH OF PUERTO RICO 

Puerto Rico Industrial Development Company 



COMMONWEALTH OF 

Puerto Rico 

The advantages of going offshore. 
The security of being home. 



Join the global leaders, call PRIDCO at 1-888-5-PRIDCO to learn how to capture The Offshore Advantage in the USA or vi 



www.pridco.cor 
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Will SOA Become the New Siloed Application? 



< continued from page 1 

members who have built their 
careers around developing and 
maintaining individual business 
applications, to determining 
who pays for a service, and who 
maintains, updates and tests it, 
the analysts and consultants 
said. Learning to effectively 
manage shared services among 
many parties requires "time 
and gentle persuasion," said 
TIB CO Software senior vice 
president of product strategy 
Matt Quinn. 

Companies are left to their 
own devices to figure out how 
best to do that, added Web- 
Methods general manager for 
SOA solutions Lance Hill. And 
that rarely results in success, he 
said. "To make [SOA] work, you 
need senior-level commitment, 
and commitment at every level. 
And most companies don't have 
that." 

Both TIBCO and WebMeth- 
ods provide SOA consulting ser- 
vices, among other offerings. 

ONE PROCESS AT A TIME 

Departmental adoption, though 
it hinders SO As broader reach, is 
the most practical way to get 
started, said ZapThink analyst 
Ron Schmelzer. "If you tried to 
do SOA for all of a company's 
business processes [simultane- 
ously], it's a disaster." So most 
companies take on SOA one 
small business process at a time, 
said Sandy Carter, IBM vice 
president of marketing and strat- 
egy for SOA, noting that only 
5 percent of the company's SOA 
consulting engagements are 
enterprise projects. Smaller pro- 
jects typically get under way 
because "something is broken" 



in the business environment, she 
said. A manufacturer, for exam- 
ple, might find itself unable to 
keep pace with the financing 
incentives its competitors offer. 
So it implements a SOA to speed 
up the loan management process 
for a particular marketing pro- 
gram, such as "Buy now; pay no 
interest for 30 days," she said. 

The key, said the consultants 
and analysts, is not to allow 
small SOA silos to proliferate 
without paying attention to the 
larger whole. 

To reap SOA's promised 
benefits of service reuse, com- 
panies cannot simply imple- 
ment many small projects. They 
must figure out how to share 
services among multiple differ- 
ent business processes. That 
usually calls for consolidation, 
where attention to the big pic- 
ture is crucial, said Carter. "A 
large company may have as 
many as a thousand different 
ways to carry out a single func- 
tion, such as creating a new cus- 
tomer account." 

Managers heading SOA 
efforts must look at the various 
ways different business applica- 
tions accomplish that task, and 
decide which one to encapsulate 
as a service, she said. "You have 
to determine which [functions] 
represent best practices, and 
maybe borrow best practices 
from the industry." 

That's a tall order for those 
leading large-scale SOA efforts. 
Big companies have built vast 
teams of people to develop and 
maintain line-of-business appli- 
cations, said TIBCO's Quinn. 
SOA not only reconfigures 
those teams, it may also make 
some of the members expend- 





Which of the following best describes your firm's approach to or status of SOA? 

Not pursuing and no Will pursue ■ Use selectively without ■ Have an enterprise-level strategy 
immediate plans to do so within 12 months a clear strategy and commitment for SOA 


Not Using SOA 


Use/Planning to Use SOA 


All respondents 2005* 47% ^^^^^^H 


14% ^^^^^■EE3 






All respondents 2006 38% 


21% ^^^^^^^n 






*Base: 642 software and services decision-makers at North American and European enterprises. 
Base: 423 software and services decision-makers at North American and European enterprises. 
Source: Business Technographics November 2005 North American Enterprise Software and Services Survey 



able. "If a SOA strategy reduces 
the number of people a manag- 
er needs, he is going to find 
something wrong with it," he 
said. Managers in that situation 
can wield a lot of power, 
because every company has a 
vested interest in keeping its 
business applications operating 
smoothly, added Quinn. "The 
people around business apps 
have to feel there is something 
in SOA for them, too." 

TOO MUCH ON DEVELOPERS 

Sometimes that's a matter of 
coming up with new ways to 
incent developers, said Carter. 
"Traditionally they have been 
rewarded by creating new code. 
But SOA is about reuse." That 
may mean offering incentives to 
re-use services, she said. 

For the time being, it 
appears there is still plenty of 
code for developers to write. 
"Right now, too much is put on 
the developers," and that is hin- 
dering broader SOA adoption, 
said Ounce Labs' Berg. Devel- 
opers are being asked to write 
code to implement functions 
that should be carried out in the 
framework, he said. While 



baseline SOA standards such 
as XML and Web Services 
Description Language (WSDL) 
are well established and fully 
implemented in the tools, oth- 
ers such as WS -Policy (for man- 
aging rules associated with 
using a Web service) are not, 
added Quinn. That impacts 
developers in terms of how 
much work is expected of them, 
he said. "They should be 
focused on business logic. But 
instead they are focused on 
[writing code to implement] the 
infrastructure." 

Forrester analyst Randy 
Heffner agreed SOA standards 
need to mature, particularly 
those that help companies gov- 
ern how services are managed. 
One aspect of governance that 
is missing today, he said, is the 
ability to place an individual 
service in a larger portfolio of 
services before that service has 
actually been developed. "You 
can't build all of your services at 
once," he said, "but determin- 
ing from the get-go what the 
larger service portfolio will 
include is critical, he said. 

Heffner said that while 
many are quick to point out 



how few businesses have made 
wholesale commitments to 
SOA, actual adoption rates fall 
in the range he expected. 

"We are making progress," 
he said. In a survey conducted 
by Forrester in late 2005, 
53 percent of the companies 
surveyed said they were using, 
or planning to use, SOA. Of 
those, 18 percent said they had 
an enterprise-level commit- 
ment and strategy for SOA. 
Those numbers rose in 2006 — 
62 percent said they were 
using, or planning to use, SOA. 
And 22 percent said they had 
an enterprise-level commit- 
ment and strategy for SOA. 

The real measure of SOA's 
success will occur when the 
term itself becomes irrelevant, 
said TIBCO's Quinn. "In 1997 
and 1998, the big thing 
was e-business. No one talks 
about e-business today. And 
yet everything people are doing 
in IT is related to e-business." 
SOA is headed in that same 
direction. "All projects will be 
SOA projects, and the concept 
of SOA will permeate every 
aspect of IT," he said. "But we 
won't necessarily call it SOA." I 



BUSINESS OR IT: WHO HEADS SOA EFFORTS? 



Not many SOA projects get 
the ultimate go-ahead: an 
endorsement from the com- 
pany's chief executive officer. 

But when it happens, a 
blessing from the CEO can 
greatly ease a company's 
transition from department- 
level service-oriented archi- 
tecture projects to a SOA 
strategy that spans the 
enterprise. 

"We are only just begin- 
ning to see CEOs stand up and publicly 
state that SOA is critical to the future of 
the company," said Forrester analyst 
Randy Heffner. That's a sign that SOA is 
gaining ground, he said. 

SOA leadership today falls into three 




'There is no tight 

alignment with the 

business side yet' 

regarding the 

implementation of SOA. 



—Sandy Carter, 

IBM's vice president of marketing 

and strategy for SOA 



categories: line-of-business managers, 
ClOs and CEOs, said analysts and SOA 
consultants. 

Line-of-business managers lead the 
pack, said IBM's vice president of market- 
ing and strategy for SOA, Sandy Carter. 



They head department-level SOA 
projects focused on a single business 
process. About 70 percent of IBM's 
SOA engagements fall under this 
category, she said. 

About 25 percent of the compa- 
ny's SOA engagements are headed 
by technology managers executing 
the ClO's vision. Such projects usual- 
ly focus on consolidating a company's 
IT infrastructure, she said. "There is 
no tight alignment with the business 
side yet." Typically funded by money 
initially designated for other IT projects, 
technology-led SOA efforts often serve as 
a testing ground, said Heffner. They 
enable IT executives to make their case 
for SOA to the senior management. 
Although SOA is an IT approach and appli- 



cation development strategy, at the end 
of the day it is a business discussion, he 
said. "At some point you have done 
enough, and the conversation can begin." 
While CEO-led SOA efforts are hap- 
pening today, they represent only 5 per- 
cent of IBM's SOA engagements, and 
typically occur only when a company is 
in trouble, said Carter. "The business is 
losing money and market share. It's an 
emergency situation." Even when that's 
not the case, the CEO's SOA endorse- 
ment is just a start, said TIBCO Soft- 
ware's senior vice president of product 
strategy, Matt Quinn. Strong leadership 
at every level is key, he said. "It's excep- 
tion management that causes SOA to fall 
apart." 

-Jennifer deJong 



COVERITY FINDS THE DEADLY 
DEFECTS THAT OTHERWISE 
GO UNDETECTED. 



Your source code is one of your organization's most valuable assets. How can you be sure there are no 
hidden bugs? Coverity offers advanced source code analysis products for the detection of hazardous defects 
and security vulnerabilities, which help remove the obstacles to writing and deploying complex software. 
With Coverity, catastrophic errors are identified immediately as you write code, assuring the highest possible 
code quality — no matter how complex your code base. FREE TRIAL: Let us show you what evil lurks in your 
code. Go to www5.coverity.com to request a free trial that will scan your code and identify defects hidden in it. 
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With the new Studio Enterprise 2007 

Scheduling and Calendar components, 
you can build Fully functional Outlook 
2007-style Scheduling applications 
quickly — with virtually no code. 

Introducing Schedule and Calendar 
for Windows and the Web: 



Built-in data layer manages appointment, nescu rce. 
contact category, iabe! and status collections 
automatically 

■ Day, Week. Work Week, and Month data views 

■ One control and one property manages all data views 

■ Office 2007- sty le AutoForm* ts 

- Outlook-style appointments with custom 
recurrence and reminders 

■ Rich Client-side Object Models casaned 

- No Code A J AX Support casrneti 

■ Full ASP_NETAJ AX Support i asp.net> 
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The Most Comprehensive Suite of Visual Components Available Anywhere 
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Syncfusion Syncs Up With Microsoft 

Essential Studio 5 supports Windows Vista, Office 2007, ASP.NET AJAX 



BY DAVID WORTHINGTON 

Syncfusion, an ASP.NET and 
Windows Forms component 
vendor, has updated its Essential 
Studio suite to be current with 
Microsoft. Essential Studio ver- 
sion 5 makes broad use of the 
Office 2007 UI, is Windows 
Vista-compatible and supports 
ASP.NET AJAX. The suite's 
BackOffice components have 
also been refreshed. Its expect- 
ed release date was April 10. 

According to the company, 
each Essential Tools control, in- 
cluding Menus, Toolbar, Group- 
bar, Tabs and Rich Text Editor, 
has been given Microsoft Office 
2007 theme support. Other 
Office 2007 enhancements are 
application-specific. The Rib- 
bon control within Essential 
Tools for Windows Forms has a 
new dropdown designer for 
making customizations. Cus- 
tomizable Tab Groups and 
Microsoft Office 2007 themed 
galleries are included. 

The controls are compatible 
with Windows Vistas UAC (User 
Account Control) features, and 
customers' applications may be 
recompiled using Essential Stu- 
dio to work with Windows Vista. 

The Rich Text Editor in Es- 
sential Tools for ASP.NET offers 
more styles and skins and has an 
updated spellchecker. A new 
AutoFormat feature has a prede- 
fined set of styles across controls 
that can be applied with a click. 

CHARTS AND GRIDS 

Syncfusion's Essential Chart for 
ASP.NET and Windows Forms 
includes new chart types and 
stacking support. ASP.NET 
AJAX support has enabled 
scrolling as well as interactive 
zooming and cursor support. 

The .NET grid component, 
Essential Grid for ASP.NET, 
has new customizable grouping 
options and data caching tech- 
niques that optimize database 
use, and, according to Syncfu- 
sion, simplifies coding. Office 
2003 and 2007 themes have 
been added to the Windows 
Forms edition in addition to 
minor performance upgrades. 

Essential Diagram replicates 
Microsoft Visio diagramming 
for Windows Forms and 
ASP.NET applications. The 
program has been revamped to 
be more intuitive and respon- 
sive. And its line routing and 
layout has been enhanced. 



Last, Syncfusion's DocIO and 
XlsIO BackOffice components 
have several improvements. 
DocIO has preservation features 
for AutoShapes form fields in 



templates, footnotes and end- 
notes. It now supports a GetText 
method so developers can pull 
text from a template Word docu- 
ment. There's also a new API for 



creating nested tables, and users 
can replace bookmark text. 

Essential XlsIO, a .NET 
library that reads and writes 
Excel files, now checks to see 



whether cells have external for- 
mulas. It can remove error 
markers when data types are 
mismatched, or modify the 
data type. I 
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LEADT00LS 
Raster Imaging Pro 

by LEAD Technologies 

Raster Imaging Pro gives developers the tools 
to create powerful imaging applications. LEAD- 
TOOLS libraries extend the imaging support of 
the .NET framework by providing comprehen- 
sive support for image file formats (1 50+), 
200 image processing filters, compression, 
TWAIN scanning, high-speed image display, 
color conversion, screen capture, special effects 
and more. 
•. NET, API & C++ Class Library 

• New Web Forms Control 

• New Class Libraries for .NET 

• Royalty Free „ . 

programmers.com/lead 




dtSearch Web with Spider 

Quickly publish a large amount of data to a Web site 

• Dozens of full-text and fielded data search options. 

• Highlights hits in XML, HTML and PDF, while Jf 
displaying links and images; converts other files n5oancH| • 
("Office," ZIP, etc.) to HTML with highlighted hits. 

• Spider adds local or remote web sites (static and 
dynamic content) to searchable database 

• Optional API supports SQL, C++, Java, and all 
.NET languages. 

"Bottom line: dtSearch manages a terabyte of Single Server 

text in a single index and returns results in Pa ra d i se # 

less than a second. " — InfoWorld D290726 
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DynamicPDF ReportWriter v4.0 for .NET 

by ceTe Software 

This easy-to-use tool integrates with AD0.NET 
allowing for the quick, real-time generation of 
PDF reports. The new GUI Report Designer makes 
laying out quality reports extremely simple. 

•WYSIWYG Report Designer 

• PDF Report Templates 

• Recursive Sub-reports 

• Automatic pagination, record 
I and expansion 




DynamicPDF 




Download dtSearch Desktop with 
Spider for immediate evaluation 



Full DynamicPDF Merger 
and Generator Integration 

Barcodes & PDF/X-1 a 
programmers.com/dtsearch j • Event Driven 
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DevTrack 

Powerful Defect and 
Project Tracking 
by TechExcel 

DevTrack, the market-leading defect and project 
tracking solution, comprehensively manages 
and automates your software development 
processes. DevTrack features sophisticated 
workflow and process automation, seamless 
source code control integration with VSS, 
Perforce and ClearCase, robust searching, 
and built-in reports and analysis. Intuitive 
administration and integration reduces the cost 
of deployment and maintenance. 
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c-tree Plus® 

by FairCom 

With unparalleled performance and sophistication, 
c-tree Plus gives developers absolute control over 
their data management needs. Commercial 
developers use c-tree Plus for a wide 
variety of embedded, vertical market, 
and enterprise-wide database applications. 
Use any one or a combination of our flexible 
APIs including low-level and ISAM C APIs, simplified 
C and C++ database APIs, SQL, ODBC, or JDBC. 
c-tree Plus can be used to develop single-user and 
multi-user non-server applications or client-side 
application for FairCom's robust database server 
— the c-treeSQL™ Server. Windows to Mac to 
Unix all in one package. 
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TX Text Control 13 

Word Processing Components 

TX Text Control is royalty-free, robust 
and powerful word processing software in 
reusable component form. 

•. NET WinForms control for VB.NET and C# 

• ActiveX for VB6, Delphi, VBScript/HTML, ASP 
•File formats RTF, DOC, HTML, XML, TXT 

• PDF export without additional 3rd party 
tools or printer drivers 

• Nested tables, headers & footers, text frames, 
bullets, numbered lists, multiple undo/redo 

• Ready-to-use toolbars and dialog boxes 
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/n software Red Carpet 
Subscriptions 

by /n software 

/n software Red Carpet™ Subscriptions give 
you everything in one package: communica- 
tions components for every major Internet 
protocol, SSL and SSH security, S/MIME 
encryption, Digital Certificates, Credit Card 
Processing, ZIP compression, Instant 
Messaging, and even e-business (EDI) 
transactions. .NET, Java, COM, C++, Delphi, 
everything is included, together with per 
developer licensing, free quarterly update CDs 
and free upgrades during the subscription term. 

programmers.com/nsoftware 



Compuware DevPartner Studio 
8.1 Professional Edition 

by Compuware 

Compuware's award-winning DevPartner Studio 
Professional Edition lets you debug, test and tune 
your code in Microsoft Visual Studio applications, 
so you can deliver more reliable applications 
quickly and with ease. What else? 

• Identify coding errors 

• Find memory leaks in .NET and native code Named User with 
•Pinpoint performance bottlenecks 

• Automatically locate thread deadlocks 

• Measure code complexity 

$Q O | C 99 : 

• Analyze system configuration problems ^/^ ' **• j 

• Ensure proper test coverage programmers.com/compuware 
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VMware® Infrastructure 3 

The most widely deployed software suite for 
optimizing and managing industry standard IT 
environments through virtualization — from the 
desktop to the data center. The only production- 
ready virtualization software suite, VMware 
Infrastructure is proven to deliver results at 
more than 20,000 customers of all sizes, used 
in a variety of environments and applications. 
The suite is fully optimized, rigorously tested 
and certified for the widest range of hardware, 
operating systems and software applications. 
VMware Infrastructure provides built-in management, 
resource optimization, application availability and 
operational automation capabilities, delivering 
transformative cost savings and increased operational 
efficiency, flexibility and service levels. 

programmers.com/vmware 




Adobe FlexBuilder 2 

by Adobe 

Adobe® FlexBuilder™ 2 software is a rich 
Internet application framework based on 
Adobe Flash® that will enable you to 
productively create beautiful, scalable 
applications that can reach virtually anyone 
on any platform. It includes a powerful, 
Eclipse™ based development tool, an 
extensive visual component library, and 
high-performance data services enabling 
you to meet your applications' most 
demanding needs. 
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Intel® Cluster Toolkit 

by Intel® 

Create applications for Intel® processor- 
based cluster systems with performance- 
enhancing tools that include perform- 
ance libraries, performance analyzers, 
and benchmark tests — integrated into 
one easy-to-install software bundle. 
Intel® Cluster Toolkit 3.0 for Linux 
adds more than 20 new features to the 
core libraries and tools to efficiently 
develop, optimize, run, and distribute 
parallel applications on clusters with 
Intel processors. 



r HhM 



programmers.com/adobe 



Paradise # 
I230ESL 

$ 713." 

programmers.com/intel 



NightStar LX Debugger 
for Red Hat Enterprise 4 

by Concurrent 

Need to debug complex, multi-threaded, 
multi-core Linux® code? 
NightStar is your answer! 

• Deterministic debugging, monitoring, tracing 
and tuning 

• Ideal for time-critical applications 

• Application speed debugging and analysis 

• Easy-to-use graphical user interface 

• Support for any mix of GNU and Intel C/C++ 
and Fortran tasks 

• Self-hosted or remote target system operation 
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• Comprehensive on-line help facilities 
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Novell Continues Linux Makeover 



BY P.J. CONNOLLY 

Novell used its March Brain- 
Share conference in Salt Lake 
City to announce a number of 
forthcoming updates to its oper- 
ating system packages and sys- 



tems management tools. But 
the biggest change for attendees 
might have been Microsoft's 
new status as a platinum-level 
sponsor, instead of being the 
whipping boy of years past. 



Rather than mocking the 
executives of Redmond, the 
keynote showcased the new 
detente between the two com- 
panies, with Microsoft chief 
researcher and strategy officer 



Craig Mundie joining Novell 
CTO Jeff Jaffe on stage at the 
Salt Palace. 

The company unveiled a 
beta version of the first service 
pack for SUSE Enterprise Lin- 
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ux 10, with additional support 
for Xen-based virtualization, 
updates to security and storage 
options, and improved function- 
ality in multicore systems. The 
service pack is expected in May 
Novell also announced that 
a public beta of Open Enter- 
prise Server 2, the company's 
bundling of the venerable Net- 
Ware 6.5 with SUSE Enter- 
prise Linux, would begin in 
May. The new Open Enter- 
prise Server will allow cus- 
tomers to run virtualized Net- 
Ware installations on top of 
SUSE Linux, on both 32- and 
64-bit hardware. 

THINKING THIN 

Thin-client fans also got some 
love, as the company revealed 
plans to bundle its SUSE Linux 
Enterprise Desktop and a sys- 
tem image management tool 
later this year, offering channel 
partners an alternative to one- 
off customizations. 

Novell also announced the 
release of updates to its ZEN- 
works Linux Management tool 
set, which now supports both 
Red Hat Enterprise Linux and 
Novell's SUSE Enterprise Lin- 
ux, and other identity and 
security tools. I 

Introscope 
Extended With 
SOA Manager 

BY DAVID WORTHINGTON 

In a SOA-driven enterprise, the 
root causes of transaction fail- 
ures and bottlenecks have to be 
isolated and found quickly. CA 
Wily's new SOA Manager, 
released in mid- March, incorpo- 
rates and extends the capabilities 
of the company's Introscope. 

SOA Manager automatically 
discovers Web services and ser- 
vice business units, and moni- 
tors the services with preconfig- 
ured dashboards. It can monitor 
services that run on top of .NET 
and J2EE applications. 

SOA Manager's local ser- 
vice catalog imports Web Ser- 
vices Description Language 
files from UDDI service reg- 
istries, while the process man- 
ager pulls out transition points in 
business processes and maps out 
their process flow It tracks the 
performance of transactions 
across heterogeneous systems 
and back-end systems. 

Transaction reporting and 
alerts notify administrators 
about which transactions re- 
quire triage. I 
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Visualizing Risks in Software Development 

Metal lect IQ Server update adds tools for diagramming and task management 



BY JEFF FEINMAN 

Metallect, a Piano, Texas- 
based provider of software risk 
management tools, is expected 
to announce the newest ver- 
sion of Metallect IQ Server, an 
automation and reporting 
engine, on April 16. 

Metallect IQ Server 2.7 
includes a new diagramming 
function that allows businesses 
to view a greater amount of 
"high-level" detail. The main 
goal of the diagram is to facili- 
tate collaboration between IT 
and business, according to 
company officials. 

Guy Hoffman, CEO of 
Metallect, explained that "with 
a diagram like this — where 
you can actually demonstrate 
where different forms of code 
exist as well as the ramifica- 
tions of tasks throughout the 
application — you can figure 
out risk factors, and IT has the 
ability to explain the complex- 
ity of what they're doing in 
terms that the business people 
can understand." 

Other new features of IQ 
Server include granular graph- 
ing capabilities that can help 
to foresee unintended mis- 
takes, and a main page task list 
that allows customers to dupli- 
cate tasks. 

TAKING THE NEXT STEP 

Metallect IQ Server was first 
introduced in 2004, and went 
out initially as a product for 
source code search and brows- 
ing, according to Hoffman. 
Metallect added reporting 
capabilities to the product in 
2005, but Hoffman said that 
even then, there wasn't 
enough input regarding soft- 
ware risk management. 

"Our customers kept com- 
ing back to us saying, 'Devel- 
opment spans beyond the 
development organization, and 
we really need a mechanism 
for people to collaborate across 
these different entities — like 
the gap between the developer 
and QA,'" Hoffman said. 
"That's when customers said, 
'We need you to add some 
improved visualization tech- 
niques because we need some 
higher-level views of this, and 
you need to give us more sim- 
plified tasks.' So this new ver- 
sion is really that next step." 

The reporting functions of 



Metallect IQ Server include an referenced by other applica- sis report. IQ Server scans information collected during 

application dependency re- tions — a summary of the com- source code and metadata to ere- these scans with multiple propri- 

port — which identifies resources plexity metrics for a selected ate a catalog of application com- etary algorithms to infer relation- 

in an application that are being application, and an impact analy- ponents. The tool then analyzes ships between components. I 
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TIBCO Open-Sources III Testing Tool 



BY DAVID WORTHINGTON 

TIBCO Software opened up 
the source code to its General 
Interface Test Automation Kit 
on April 2. The company has 
used the kit, known as GITAK, 



during the past few years of 
product development, to test 
TIBCO General Interface- 
powered AJAX applications. 

GITAK runs in-browser and 
inherits many of its capabilities 



from Selenium Core, an open 
source test tool for Web appli- 
cations, which verifies browser 
compatibility and creates and 
defines regression test cases. 
Tests are copied from the 



repository to the application 
Web server and are executed 
through client-side browsers. 

Selenium Core is written 
entirely in JavaScript/DHTML 
and utilizes the JsUnit unit test- 
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ing framework. JsUnit, a port of 
JUnit to JavaScript, can be used 
to make assertions, share test 
data and perform tests of client- 
side JavaScript. 

According to Kevin Hak- 
man, TIBCO's director for 
developer evangelism, the tools 
evolved beyond Selenium 
Core s functionality, as the com- 
pany "dogfooded" what became 
GITAK and used it to test new 
and updated products. GITAK 
extends Seleniums capabilities 
with its own enhancements to 
test General Interface GUI ele- 
ments, as well as application 
business logic. 

There are no test recording 
and playback capabilities in the 
current releases, but Hakman 
said that those capabilities are 
on the statement-of-direction 
for the test kit. GITAK runs 
independently and does not 
integrate with other TIBCO 
products. I 

Parasoft Integrates 
C/C++ Tools 

BY DAVID WORTHINGTON 

Parasoft C++test and Parasoft 
Insure ++ have been morphed 
into plug-ins for Eclipse and 
Visual Studio, changing their 
place in the development 
process. 

Development teams can 
apply Parasoft C + +test 7.0's 
utilities earlier in the develop- 
ment process than before. The 
tool provides facilities for cod- 
ing policy enforcement, static 
analysis, code review, unit test- 
ing, component testing and 
regression testing. 

It has a new code review 
module that automates peer 
code reviews and a feature called 
"BugDetective," that sleuths out 
runtime bugs by tracing and sim- 
ulating execution paths. Because 
it is Eclipse-compatible, C++test 
integrates with Wind River Sys- 
tems' Workbench for device 
deployment environments. 

Parasoft s C/C++ solutions 
manager, Sergei Sokolov, said 
that these tools usually come 
from different vendors, are 
"stitched together" and live out- 
side of IDE s. "We are fielding a 
tool that combines most best 
practices," Sokolov said. 

Insure ++ 7.1 targets the 
root cause of bugs resulting 
from improper use of the Stan- 
dard Template Library (STL). 
To that end, it verifies proper 
use of STL during runtime, and 
verifies STL containers, itera- 
tors, pointers and references. I 
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A Prototype for Compatibility 



< continued from page 1 

programmer when he discov- 
ered Prototype. He was building 
a Web site for his jazz band 
when he happened upon the 
project. "I'd say the code is 
beautiful," said Langel. "And I'd 
say I learned about 90 percent of 
what I know about JavaScript by 
studying the code that's inside 
Prototype and [its sister project] 
Script.aculo.us. It's really per- 
fected; it's really smart. It's there 
to ease the pain out of the client- 
side scripting." 

But it's the capabilities of 
Prototype that hold the most 
beauty, said Langel. Rather than 
requiring developers to code up 
browser-specific elements and 
bug fixes, Prototype extends the 
Document Object Model 
(DOM) and allows for more 
effective use of the data inter- 
change format JavaScript Object 
Notation (JSON). That means 
an application built on top of 
Prototype should function in the 
same way regardless of the 
browser it's run in. 

By contrast, the Google Web 
Toolkit takes an entirely differ- 
ent approach to cross-browser 
incompatibilities. While Proto- 
type gives developers a single 
file of code that works in all 
browsers, GWT compiles sepa- 
rate versions of an AJAX appli- 
cation and then sends browser- 
specific code to each client that 
asks for the page. 

ROCKY TERRAIN 

"It is a very big problem," said 
GWT technical lead Bruce John- 
son of browser inconsistencies. 

"It's hard to have it solved in 
the general case — it's virtually 
impossible," he said. "You really 
have to pick a set of use cases; 
then you can create cross-brows- 
er compatibility for those cases. 
Then hopefully it will extend to 
other use cases. You would be 
very surprised at how rocky the 
terrain really is. For a given use 
case [that] you didn't plan to sup- 
port, there is a real chance it 
won't work, even when you think 
it should. [Some functions, such 
as] Focus can behave in a strange 
way. The structure of the DOM 
itself is different [in each brows- 
er]. The more complex the appli- 
cation you try to write, the more 
you realize that the underlying 
browser designs diverge." 

Langel and his co-coders 
are currently finishing work 
on Prototype. js 1.5.1, which 
should be out around the mid- 



dle of this month. This edition 
improves JSON support and 
adds functional improvements. 
"The $$ function is a great 
function to grab any DOM ele- 
ments in a Web page by using 
CSS [Cascading Style Sheets] 



type selectors," said Langel, 
describing the speed and usage 
improvements to the $$ function 
in 1.5.1. "You can write a type, 
and you can grab all the elements 
that correspond to that. We've 
added all of the CSS 3 selectors 



to that. That means you can 
select really easily, with one snip- 
pet of code, and get all the ele- 
ments on the page that are linked 
[and] pointing to, say, a PDF 
document, and you can do some- 
thing to each of those elements." 



Prototype is not alone in its 
development stable. The team 
behind Prototype is also work- 
ing on Script.aculo.us, a library 
of JavaScript interface func- 
tions used to pretty up Web 
pages. The functionality of 
Script.aculo.us is built on top of 
Prototype, and includes many 
cross-browser interface tricks. I 




Integrated Quality With Visual Studio 



As more and more of the world depends on software for its daily functions, 
the impact of poor software quality cannot be understated. Analysis in 
recent years shows 40% of unplanned downtime is caused by application 
errors that cost businesses an average of $100K per hour. 1 Flexible and 
adaptable Quality Assurance techniques and processes that keep up with 
the growing complexity of software and changing business needs can help 
maximize business outcomes. 

Obtaining the elusive perception of quality however, is more than just 
injecting quality into the application management lifecycle. The slogan 
"Quality is Job #1" must be something that is infused throughout the 
organization — from the designers to the managers to the developers, 
and finally to those who support the customer. 



The Integrated Quality Approach 

Quality like any other aspect in producing software, has a lifecycle as 
well. For many solutions, this quality lifecycle is managed outside of the 
traditional application development lifecycle. This separation is not usually 
intentional; rather, it is just a reflection of the hard boundaries between the 
solutions used for management, development and quality. Visual Studio 
Team Edition for Software Testers takes a different approach with an 
integrated solution that reflects the interactions that need to take place 
between management, development and test. 

Besides addressing specific quality concerns, it provides an integrated 
software delivery platform for all of the disciplines that are involved in 
building software. The infusion of quality into software development 
results in software that meets the expectations of its customer from all 
perspectives — functionality, design, experience and requirements. 

Figure 1 illustrates an example of the Quality Indicators Report. This 
detailed report pulls together data automatically and intelligently from a 
number of different disciplines to form an overall picture of quality at any 
given time. 
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Figure 1 



Gartner, "Operational Change Management: The Long and Winding Road," Presentation, Kris Brittain, December 2003 



Measuring Performance 

Performance is a critical aspect for any software project. Poor performing 
applications are immediately noticeable, and will impact the performance 
of customers with each and every use. Poor performance is often cited as 
the reason for deeming that a project has failed. 

Visual Studio Team Edition for Software Testers incorporates some of the 
most sophisticated stress and performance testing functionality available 
on the market. Integrated with Visual Studio Test Load Agent, it can form 
an enterprise-grade scalability testing platform with hierarchies of test 
controllers and agents. 

Figure 2 illustrates an instance of Visual Studio Team Edition for Software 
Testers controlling a hierarchy of three test agents. 
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Figure 2 

The inbuilt prescriptive guidance provides pre-packaged counters, 
thresholds, pre -built views of load statistics and their effect on the 
under test and built-in knowledge of server behavior. 

Figure 3 illustrates a load test in progress. 
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Figure 3 



Team Edition for Software Testers 



Web Testing 

Web-based applications and services are growing exponentially in the 
enterprise as well as the consumer marketplace. For many segments of 
customers, web-based applications are the only kind they use. Visual Studio 
Team Edition for Software Testers enables teams to record, customize and 
validate web scenarios with sophisticated web testing. Whether your 
enterprise has deployed first-generation SOAP web services, latest 
WSI-compliant web services, first-generation CGI-based web applications 
or the latest AJAX-enabled web applications, Visual Studio Team Edition 
for Software Testers provides a solution for verifying quality, performance 
and scalability. 

The old adage is that poor performance in a software application is caused 
by one bad line of code at a time. To track micro-performance metrics, 
Visual Studio Team Edition for Software Testers enables teams to set 
performance goals for each specific page in their application, as illustrated 
in Figure 4. 




Figure 4 

Holistic performance is important as well; Visual Studio Team Edition for 
Software Testers computes 95th percentile result categorizations to give 
teams an accurate yet aggregated view of their overall performance. 
Figure 5 illustrates an example of this. 
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Thorough Communication 

Communication or the lack thereof is very often the source of failure in 
a software project. Visual Studio Team Edition for Software Testers provides 
a platform and a common set of technologies that form the basis for 
communication for the entire organization. Assets of one team can be 
used by other teams because they share the same set of tools. Metrics that 
executive management wants can be calculated because the tools have 
captured all the right data. At any point in the design, development and 
validation of a project, a team member can raise the visibility of an issue 
and communicate its importance to the rest of the team. This empowers 
every member of the team, no matter what their discipline is and where 
they sit in the organization. 



The Quality Continuum 



As software becomes more and more pervasive, the quality of that software 
will become a key differentiator in the market. Many disciplines are 
involved in building a product, so those same diverse disciplines should 
be involved in verifying its quality. Doing so in a productive, cost-effective 
manner is possible with an integrated delivery platform such as 
Visual Studio Team Edition for Software Testers. 

For more information, contact your local Microsoft 
representative or Microsoft partner and learn more at: 
http://msdn.microsoft.com/vstudio/teamsystem/products/test/ and 
http://msdn.microsoft.com/vstudio/teamsystem/products/load/ 



Figure 5 




Microsoft 



\j$ Visual Studio 2005 

Team Edition for Software Testers 
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GPLv3 Gets Sweeping Changes 



< continued from page 1 

specialized or enterprise-level 
computer facilities, we found 
that sometimes these organiza- 
tions actually want their sys- 
tems not to be under their own 
control. Rather than agreeing 
to this as a concession, or bow- 
ing to pressure, they ask for 
this as a preference. It is not 
clear that we need to interfere, 
and the main problem lies 
elsewhere." 

That's a long way of saying 
that GPLv3 will seek to prevent 
manufacturers from limiting 
consumer-level modification of 
their electronics products, 
while not interfering with busi- 
ness devices. The FSF, howev- 
er, anticipates that its definition 
of user products is broad, and 
errs on the side of inclusion, 
rather than exclusion. 

Of primary concern to the 
FSF in this draft seems to be 
the Microsoft/Novell deal, 
which extends patent litigation 
protections to S USE Linux cus- 
tomers, but not to users further 
downstream who may have pur- 
chased, stolen or copied the 
SUSE operating system from 



Novell's customers. Indeed, the 
FSF included an entire section 
in its GPLv3 explanation state- 
ment commenting on the 
Microsoft/Novell agreement, 
and detailing the methods 
added to the GPL in order to 
prevent these types of agree- 
ments in the future. 

Chief among these changes, 
in section 11 of the GPLv3, is 
the forced extension of any 
patent protections to all down- 
stream users. 

The FSF writes that, while 
the Microsoft/Novell deal 
seems to have failed to weaken 
the Linux community thus far, 
"We cannot take for granted 
that such threats will always fail 
to harm the community. We 
take the threat seriously, and we 
have decided to act to block 
such threats, and to reduce 
their potential to do harm. Such 
deals also offer patent holders a 
crack through which to split the 
community. Offering commer- 
cial users the chance to buy lim- 
ited promises of patent safety in 
effect invites each of them to 
make a separate peace with 
patent aggressors, and abandon 



the rest of our community to its 
fate." 

Bruce Perens, author of sev- 
eral open-source-related books 
and a self-proclaimed open 
source evangelist, said that he 
expects further revisions of 
section 11. 

"I think that the Novell/ 
Microsoft wording will be re- 
fined significantly," he said. He 
added that the current wording 



in the GPL addresses only the 
Microsoft side of the agreement, 
and that he expects wording to 
be added to address Novell on 
its side of the equation. 

Richard Stallman, creator of 
the GPL and its largest single 
influencer, agreed with Perens 
that the newly added Micro- 
soft/Novell clauses are rough 
around the edges. "We finished 
writing that part on Saturday," 



said Stallman on March 28. 

Stallman also stated that the 
possibility of moving the Linux 
kernel to GPLv3 is still alive. 

"I would hope they would 
consider it," he said. Previous 
versions of the GPLv3 had 
drawn comments from Linus 
Torvalds that cast the potential 
move to a new license as ques- 
tionable, but Stallman said he's 
expecting the Linux community 
to warm up to the new version 
due to the Microsoft/Novell 
agreement. I 



W3C REVIEWS SERVICE MODELING SPEC 



< continued from page 1 

misinterpretation by enabling a 
hierarchy of IT resource mod- 
els. These are created from 
reusable components rather 
than requiring custom descrip- 
tions for every service. A com- 
panion specification dubbed 
SML Interchange Format 
(SML-IF) defines how to 
exchange SML models be- 
tween applications. 

The SML components 
include validation constraints to 
make system integrations more 
reliable and automated. It sup- 
ports rich constraints and align- 



ment with XML message 
exchange architectures; in a 
prepared statement, Microsoft 
noted that this makes SML well 
suited for modeling IT re- 
sources and services. 

NO OVERLAPPING 

ZapThink analyst Ron Schmelz- 
er agreed with Microsoft's 
assessment: "SML is not about 
the service contracts or inter- 
faces, as WSDL [Web Services 
Description Language], BPEL 
[Business Process Execution 
Language] and other specs are, 
but rather on the underlying 



systems and configuration, such 
as configuration, deployment, 
monitoring, policy, health, 
capacity planning, target oper- 
ating range, SLAs and so on." 

Schmelzer noted that while 
SML may have some usefulness 
to the operations side of the 
organization, it is not particular- 
ly relevant to SO A at the archi- 
tecture level of abstraction. 

He observed that SML is 
not specifically focused on Web 
services, but is instead an XML 
format that can be leveraged in 
a variety of interface or archi- 
tecture types. I 
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SD West Bears Development Fruit 



BY ALEX HANDY 

SANTA CLARA — The SD 

West conference, held here in 
late March, played host to devel- 
opment tools vendors both new 
and old, with a distinct focus on 
the build cycle and on 
peer code review 

One of the new- 
comers to SD West 



introduce its new build auto- 
mation and management solu- 
tion. PerfectBuild 2007 gives 
developers a GUI-based man- 
agement system for handling 
the myriad dependencies asso- 
ciated with their 
builds, and for run- 
| ning nightly tests. 
Codefast offers its 



SDTimes 



was Australia-based Cenqua. 
This development tools compa- 
ny showed off its three source- 
code-oriented products; Clover, 
Crucible and Fisheye. Fisheye 
allows managers to analyze 
team efficacy by monitoring 
activity in source code reposito- 
ries. Clover, Cenqua s code test 
coverage analyzer, was available 
in a newly released version 2, 
and has added refined inter- 
faces for dealing with Maven 
and Ant. Crucible, which made 
its debut at the show, offers a 
way for peer code review to be 
broken up by employee, allow- 
ing developers to look over and 
annotate reviewed code on 
their own timetables, rather 
than in one large meeting. 
Codefast used SD West to 



own database for handling the 
information on dependencies, 
and can farm out builds to 
dynamically created grids. 

Source code search engine, 
Koders.net, announced the 
beginning of a public beta 
for the desktop version of its 
search tool. Koders Profession- 
al Edition allows programmers 
to search through any code 
stored on their hard drives 
quickly and efficiently. 

Back on the build side of 
the business, OpenMake 
Software announced that it 
would be breaking some ele- 
ments of its flagship Open- 
Make build management solu- 
tion into a free standalone 
automation product. Mojo 7.0 
can handle build scheduling, 



automated script execution 
and version differencing capa- 
bilities, all in a free package. 
Chief operating officer Tracy 
Ragan said that the company 
still has many other methods of 
speeding the build cycle, and 
that Mojo should help intro- 
duce users to OpenMake's oth- 
er products. 

Smart Bear Software re- 
leased a new product specifical- 
ly targeted at distributed peer 
code review. Smart Bear Code 
Reviewer is a server-based solu- 
tion that provides a Web win- 
dow to repositories, allowing 
teams all around the world to 
collaborate online when review- 
ing members' code. 

SourceGear showed pre- 
view versions of Vault and 
Fortress. Vault is a source code 
management system designed 
to be friendly to top- and bot- 
tom-level coders, and to work 
easily with both customer- 
facing and back-end code. Vault 
4.0 will add support for new 
IDEs and operating systems. 
SourceGear Fortress, on the 
other hand, is a new product 




Smart Bear Software had its titular animal on hand to discuss its peer 
code review system. 



that offers ALM control in a 
modestly priced package. 

Trolltech released two new 
betas. The first is a preview edi- 
tion of its Qt cross-platform 
development framework, and 
the second is the mobile devel- 
opment framework, Qtopia. Qt 
4.3 will add support for Win- 
dows Vista and improved per- 
formance with OpenGL for 3D 
effects within GUIs. Qtopia 4.3 
offers optimizations and speed 
enhancements that will im- 



prove overall performance on 
many handsets. 

And finally, as its name im- 
plies, Vanguard Voice Systems 

was enabling voice recognition 
within enterprise applications. 
The company's new version of 
AccuSPEECH adds support for 
dynamic database modifica- 
tions, thus allowing developers 
to change the data behind a 
voice-driven application with- 
out the need to recompile the 
entire program. I 
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Appistry Grid-Enables 
Apps Without Recoding 

EAF 3.5 eliminates perceived barrier to grid solution 



BY DAVID WORTHINGTON 

Appistry is simplifying what it takes 
for developers to weave applications into 
its commodity-hardware grid environ- 
ment. The company claims that Enter- 
prise Application Fabric 3.5 (EAF), 
announced last month, eliminates the 
need to refactor applications to run in a 
distributed manner, and delivers new 
capabilities for stateful applications. 

The Appistry platform is a distributed 
application grid that scales application 
performance and fault tolerance expo- 
nentially to the number of nodes that are 
added. Nodes are composed of "white- 
box" x86 hardware running Linux and 
Windows; developers address the grid as 
a single device. 

The main thrust of EAF 3.5 is to 
make it easier for developers to leverage 
the grid environment, said Sam Char- 
rington, vice president of product man- 
agement and marketing for Appistry. 
Charrington argued that the perceived 
need to recode applications has been a 



barrier to enterprises thinking about 
adopting grid solutions. 

Previous versions of Appistry required 
new code from a corollary architecture to 
become "distributed-aware." An API 
allowed Appistry to access state informa- 
tion, while application parameters were 
given to applications through the API, 
which arbitrated the information going in 
and out of the code, said Charrington. 

In contrast, EAF 3.5 annotates POJO 
(Plain Old Java Object), PONO (Plain 
Old .NET Object) and C/C++ applica- 
tions with source-level metadata. 
Appistry reads the metadata and incor- 
porates the applications into its distrib- 
uted application fabric. 

Another new feature is FAM (Fabric 
Accessible Memory). FAM is an in- 
memory data grid for application state 
information. Appistry treats RAM from 
individual computers as a single 
resource, so developers can "push" the 
working state of applications into FAM, 
said Charrington. I 



Tom Sawyer Floats Up Java Waters 

Data visualization library adds more Web capabilities 
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BY ALEX HANDY 

Since whitewashing 
fences is passe, the 
21st century namesake 
of Mark Twain's alter 
ego spends its time 
visualizing data. Oak- 
land, Calif.-based Tom 
Sawyer Software was 
expected to announce 
on April 12 the avail- 
ability of version 8.0 of 
its Java visualization 
library. The new edi- 
tion adds features to 
the Web side of the 
visualization tool, and 
also upgrades the in- 
cluded documentation. 

Tom Sawyer software engineer 
Erhan Giral said that the new Web 
interfaces for working with generated 
visualizations are the best new feature of 
version 8.0. "We added client-side edit- 
ing functionality," said Giral, stating that 
previous versions allowed users to view, 
but not modify, generated graphs on the 
Web. "It's now possible to edit graphs in 
the Web browser." 

Giral also said that the development 
team spent a great deal of its time work- 
ing on new documentation for the prod- 
uct. "It's now much more human-friend- 
ly. Before, we were just shipping 
example code, but now we are providing 
an HTML-based application that shows 




That's not bacteria replicating. It's a process diagram rendered in 
JavaServer Pages. 



the document codes very effectively. It's 
almost entirely rewritten." 

Other changes to the new version 
include support for exporting graphs as 
GIFs, improved support for Mac OS X, 
and a handful of speed-ups and usability 
changes to the various types of diagrams 
that it generates. 

Tom Sawyer Visualization version 
8.0, Java edition is sold in the form of 
libraries that can be integrated into 
existing applications. These libraries 
provide diagramming, best route finding 
and distribution capabilities to their par- 
ent applications. The company did not 
disclose pricing information, but more 
information can be found at www 
.tomsawyer.com. I 
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Symbian Dials Support 
For Digital TV, Services 

OS 9.5 also revved to perform 



BY P.J. CONNOLLY 

Symbian announced the launch of Sym- 
bian OS 9.5 at March's CTIA show in 
Orlando, Fla., with the stated aim of 
delivering richer user experiences and 
better performance for lower cost. 

Symbian OS 9.5 is backward-compat- 
ible with version 9, and offers reduction 
in battery, memory and processor 
requirements. The company claims this 
allows device makers to cram smart- 
phone functionality into so-called "fea- 
ture-phone" hardware. 

New memory optimization features 
include demand paging and automatic 
defragmentation of RAM; Symbian 
claims this can reduce memory use by 
an average of 25 percent. Naturally, 
less memory used by the operating sys- 
tem means more memory for concur- 
rently running user applications. Mem- 
ory optimization can also reduce device 
unit cost by reducing the amount of 
memory required for the phone's fea- 
ture set. 

Symbian OS 9.5 allows application 
developers, handset vendors and system 
integrators to reduce time-to-market 
while including support for new services 
such as digital TV and location-based 
services. 

The new Symbian OS also includes a 
SQL database for storing application 
data locally, as well as integrated 
P.I.P.S. (for "P.I.P.S. is POSIX on Sym- 
bian OS"). Between the built-in data- 
base and POSIX support, Symbian 
claims that porting existing desktop and 
server applications takes less time than 
with previous Symbian platforms. 

Multimedia was also on Symbian's 



agenda for the OS 9.5 release. It sup- 
ports advanced camera features such as 
panorama stitching, preset image 
enhancement, red-eye reduction and tilt 
sensors, to name four of 35. 

Devices using Symbian OS 9.5 will 
be able to take advantage of more robust 
support for connection roaming, offer- 
ing users access to WiFi networks in the 
office, and 3G networks on the road. 
Other features allow the simultaneous 
use of multiple network services. 

Contact data in Symbian OS 9.5 is 
stored in a SQL database, allowing cus- 
tomers with hundreds and thousands of 
address book entries to use their infor- 
mation efficiently. The company also 
claims improvements in interoperability 
with IBM's Lotus Notes and Microsoft's 
Exchange and. 

Symbian OS 9.5 adds support for 
Brahmic scripts, used in Hindi, Nepali, 
Tamil and other Indo- Asian languages. 
According to the company, this 
gives Symbian OS language support 
that covers 99 percent of the world's 
countries. 

The new release of Symbian OS 
works with a number of digital TV and 
related formats, including DVB-H (Dig- 
ital Video Broadcasting-Handheld), 
HSDPA and HSUPA (High Speed 
Downlink/Uplink Packet Access), and 
ISDB-T (Integrated Services Digital 
Broadcasting-Terrestrial) . 

Symbian claims that 51.7 million 
smartphones using the company's tech- 
nology were sold to network operators in 
2006; it estimates that 110 million Sym- 
bian smartphones had been shipped by 
the end of last year. I 



GNAT Pro Takes Bite Out of Ada 2005 



BY P.J. CONNOLLY 

AdaCore announced in early March 
what it claims is the first Ada 2005 devel- 
opment environment, just weeks after 
Ada 2005 was formally approved by the 
ISO in January 2007. GNAT Pro 6.0.1 
supports the three ISO versions of the 
language: Ada 83, Ada 95 and Ada 2005. 
Ada 2005 contains improvements 
to the object-oriented programming 
features first introduced in Ada 95, 
with Java-like interfaces and familiar 
"object.operation" syntax. Ada 2005 also 
improves support for real-time systems, 
and new program structuring allows 
flexible interfacing with other languages 
including Java, and the use of mutually 
dependent package specifications. Oth- 
er enhancements in Ada 2005 address 



security and error-proofing, as well as 
the language's general expressiveness. 

The GNAT Pro update also features 
an improved version of GPS, the GNAT 
Programming Studio IDE. GPS 4.1.0 
includes an outline view for improved 
efficiency and usability, and supports a 
wider range of plug-ins than previous ver- 
sions. It also includes a so-called "smart 
completion" engine, and automatic fixes 
for more compiler errors than previous 
GPS versions, with the aim of smoothing 
the often-bumpy development path. 

In addition, GPS 4.1.0 adds support 
across all platforms for the Python 
scripting language; GPS now allows 
developers to use the PyGTK wrappers 
for interfacing with the GTK+/GIMP 
toolkit. I 
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The MontaVista Application Developer Kit is Eclipse-based for a more intuitive and accessible 
experience, and includes VMware-based virtualization. 

Real-Time Performance 
Wrung From Linux? 

MontaVista claims 'Pro 5' is faster, smaller OS 



BY P. J. CONNOLLY 

MontaVista Software announced in ear- 
ly April the immediate availability of 
MontaVista Linux Professional Edition 
5.0, which offers what the company 
claims is better-than-RTOS perfor- 
mance in a native Linux environment, 
and a memory footprint one-fourth that 
of previous releases. 

Patrick MacCartee, MontaVista's 
product management director, explained 
that the updated platform is actually 
"exceeding RTOS real-time capabilities. 
We're down to the 5-microsecond-and- 
shorter level on latency" on midrange 
Pentium 4 processors. He explained, 
"When we look at the demand for embed- 
ded devices, and what type of real-time 
performance requirements they have, 
5-microsecond latency meets 90 or 95 
percent of the real-time requirements." 

Pro 5, as the company refers to the 
operating system, can run in as little as 
3MB of flash RAM. It includes the 
updated GCC 4.2.0 compiler, which 
uses auto-vectorization, interprocedural 
optimization and location-list-based 
debugging to improve performance. It 
also marks the debut of DevRocket 5.0, 
the company's Eclipse 3.2-based graphi- 
cal IDE. DevRocket 5.0 includes inte- 
grated application development and 
debugging GUIs, as plug-ins that allow 
for advanced analysis. 

Pro 5 is built around the Linux 2.6.18 
kernel, with integrated real-time patch- 
es from Red Hat's Ingo Molnar. The new 
release offers additional support for 
IPv6, and USB On-The-Go, which 
allows device connectivity without 
requiring a host PC. 

At the same time, MontaVista re- 
leased new versions of its Application 
Developer Kit (ADK), and Platform 



Developer Kit (PDK), both of which are 
based on DevRocket 5.0. ADK 5.0 
includes a Linux virtual target based on 
VMware's free player technology that 
allows developers to begin writing appli- 
cations before the hardware design is 
complete. 

ADK 5.0 offers edition management 
support for MontaVista Linux (MVL) 3.x, 
4.x and 5.x installations, and provides 
build and debug access to the installed 
toolchains and Linux support packages. 
This includes a cross-architecture tool- 
chain, and the MVL Pro 5.0 glibc and 
ulibc toolchains. Dynamic toolchain 
selection allows developers more flexibil- 
ity within MVL projects, while so-called 
"managed make" extensions use the stan- 
dard C/C++ makefile format for applica- 
tion, library and kernel builds. 

Other management features in ADK 
5.0 allow the use of the Eclipse Remote 
Systems Explorer on MVL targets for 
file system and process management, 
automated debug and analysis, and con- 
sole services, all connecting securely 
over SSH. 

MontaVista's refreshed Platform 
Development Kit offers features that 
match those in the updated ADK, 
excepting the virtualization tools. PDK 
specifically includes a platform image 
builder that allows the replacement of 
kernel and user packages with cus- 
tomized code, and performs conflict 
analysis and dependency checking. The 
image builder writes to a variety of tar- 
get file systems and allows the use of 
multiple mount points with separate 
images. The trace analysis features in 
PDK 5.0 make use of the TimeDoctor 
plug-in for Eclipse to load and display 
trace files, for the better understanding 
of system events and behavior. I 
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Before talk can turn to standards and 

best practices, advocates of enterprise mashups 

say first it will be important... 



To Define 
What A 
Mashup Is 



BY LISA L. MORGAN 



Defining best practices for 
mashups would be a lot easier 
if there were a common defin- 
ition for mashups in the first place. 
There is a general consensus that 
mashups are a combination of data from 
different sources that were not initially 
meant to interact with one another. 
However, depending on one's perspec- 
tive, the definition of a mashup may 
change based on who created it (a devel- 
oper or nondeveloper) or whether or not 
it has visual elements. 

"Mashups are inherently visual in 
nature," said Ted Farrell, chief architect 
and vice president of tools and middle- 
ware at Oracle. "They bring together 
information from different sources that 
were not designed to work together." 

David Boloker, CTO of the Internet 
emerging technologies group at IBM, 
distinguishes static mashups from 
dynamic mashups. Static mashups are 
created by Web programmers; dynamic 
mashups are created by end users or line- 
of-business managers. An example of a 
static mashup is Housingmaps.com, he 
said, which combines data from Craigslist 
and Google maps. An example of a 
dynamic mashup is Chicagocrime.org, 
which provides hourly crime updates and 
maps of where crimes are occurring, 
among other things. 

Bob Brauer, CEO, president and co- 
founder of Strikelron, a provider and 
distributor of Web services through its 
Strikelron Web Services Marketplace, is 
not so sure the definition of mashups 
changes and said the term can be used 
interchangeably with situational applica- 
tions, composite applications and rich 
applications — all data-driven applica- 
tions that come from multiple sources 
that can be repurposed. 

Vendors acknowledge that mashups 
are being created by developers and non- 
developers alike, which creates a distinc- 
tion in itself. For one thing, developers 



generally have a more disci- 
plined approach to mashup cre- 
ation because what they design 
must have some sort of shelf life to justi- 
fy its expense. Conversely, nondevelopers 
may develop a mashup to solve a particu- 
lar problem without regard to its long- 
term value. 

"Developers tend to build applications 
that are more complex, which include 
things like exception handling," said 
Brauer. "Users are quick and dirty." 

Oracle distinguishes between enter- 
prise mashups and mashups created by 
consumers because "the bar is higher" for 
enterprise mashups, said Farrell. Con- 
sumers tend to be more concerned with 
interactivity and the "wow factor." By con- 
trast, enterprises care less about the wow 
factor and more about the business value 
of the mashup. 

TOOLS TO USE 

Developers and nondevelopers also may 
use different tools to develop mashups. 
Developers may have a preference for 
SO A, AJAX or Java, for example, or they 
may choose to use a mashup tool. Non- 
developers, such as line-of-business man- 
agers, are better served using a mashup 
tool that simply requires an understand- 
ing of data relationships. Because con- 
sumer-generated mashups are not con- 
strained by software development 
policies, methods or technologies of 
choice, they tend to be more innovative 
than enterprise mashups, according to 
Farrell. By contrast, companies like 
Boeing and GE are more concerned 
about SOA and the reusability of services. 
If you're creating a static mashup, you 
don't need that much AJAX, [because you 
can use] XML data that characterizes an 
AJAX-type interface if you're simply 
using longitude and latitude data and 
don't require social aspects or syndica- 
tion," said Boloker. "Up the chain you see 
huge amounts of aggregation, so you 







need a widget library to choose from so 
you can go and get services." 

Mashup tools such as Adobe Systems' 
Flex, IBM's QEDWiki, Oracle's Web- 
Center and Strikelron's SOA Express for 
Excel simplify and expedite the process 
of creating mashups. One of the biggest 
advantages is enabling developers and 
nondevelopers to combine software 
assets without having to know how SOA, 
AJAX or JavaScript actually works. 

Oracle Fusion Middleware assumes a 
more sophisticated type of user. It 
includes an application development 
framework that enables developers to cre- 
ate mashups for Web pages and mobile 
devices, as well as collaborate in a devel- 
opment environment so they can bring 
more things together. Oracle is building in 
chat so developers can chat and share 
code as well as access wikis and forums. 

As mashups become more complex, 
they may grow into applications, busi- 
ness processes or sets of services. An 
early example of that is Yahoo Finance, 
said Phil Costa, Flex product manager at 
Adobe. Yahoo Finance feeds stock price 
information into a Flash chart and plots 
it out over time. On the same page are 



news stories that are built into the UI 
using Java, AJAX and Flash. 

Adobe recently featured a mashup 
that tracked a bike race. It combined 
real-time positioning information from a 
GPS device located on a bike helmet or 
rider's shirt and real-time video from 
trucks. The result was time-synced loca- 
tion maps and video. 

Some Oracle customers are using Ora- 
cle Fusion to place presence servers into 
chat, VoIP call and e-mail applications. 
Others are using Oracle's CRM solutions 
to mash up Google or Yahoo maps with 
customer records so salespeople can 
instantly see where customers and 
prospects are located. 

One of the main benefits of design- 
ing a mashup in the first place is reuse. 
Like composite applications, the cre- 
ator can combine existing elements 
into something new. Composite appli- 
cations arguably differ from mashups, 
mainly in terms of who creates them 
and how. 

A THREAT TO DEVELOPERS? 

Paul Raymond, director of Accuweather's 
commercial division, thinks mashups 
threaten the role of the developer. IBM's 
Boloker disagreed, saying that developers 
are merely unleashing access to informa- 
tion and giving nondevelopers the ability 
to create tools that will make them more 
productive. All nondevelopers really need 
to create a mashup is access to informa- 
tion and an understanding of data rela- 
tionships. From a program management 
standpoint, Boloker said his group has to 
look at what data is required for mashups 
and widgets so business people can get 
access to the information they need. 

Strikelron's Brauer said a lot of devel- 
opers might misinterpret this coming of 
age as a danger because more people can 
create applications. What they don't real- 
ize, he said, is that developers can control 
the data sources because they are cen- 
tralized in IT. And because the data is 
centralized in IT, there is visibility into 
the usage of data, which is important. 
There may also be another benefit, he 
said: A business person creating a 
mashup could come up with a prototype 
that is later refined by developers. 

Boloker warned that if business peo- 
ple are going to create mashups, one 
would hope they would capture the 
output for later or regulatory use. IBM 
is working on a proof of concept that 
will have a front end composed of dif- 
ferent mashups. The different pieces of 
information will not necessarily inter- 
act, but the end result will be more ana- 
lytical. For example, if an executive was 
looking at his company's stock price, his 
actions could be analyzed in light of 
SEC rules and regulations prohibiting 
insider trading. 

Mashups can also provide a quick and 
relatively easy means of solving usability 
problems and improving user experi- 
ence. From a design perspective, that 
continued on page 37 ► 
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Too Soon for Definitive Standards? 

W3C, others say there is work to be done on technologies that underlie mashups 



BY JEFF FEINMAN 

The world of mashups can be a chaotic 
one, with little structure and order 
when it comes to the methods that 
developers use to merge data from var- 
ious sources. Though the nature of the 
beast seems to preclude the develop- 
ment of standards expressly for 
mashups, various technologies that can 
be integral pieces of mashup creation 
are being enhanced, and standardized 
when appropriate. 

When asked if the World Wide Web 
Consortium is currently considering any 
particular standards for the creation of 
mashups, Lee Feigenbaum, chair of the 
W3C's data access working group, said 
that it is more accurate to think of the 
organization's efforts as a "continuum of 
technologies." The vast majority of 
mashups, he said, are based off of 
HTML, CSS and JavaScript, so those 
core technologies play a large part in 
their creation. 

"The W3C doesn't have a mashup 
activity or working group," Feigen- 
baum said. "Instead, it has a variety of 
groups whose technologies could be 
used in certain cases for producing 
mashups. If you're only dealing with 
XML data, XQuery might be the best 
way to unify that data. SPARQL 
[SPARQL Protocol and RDF Query 
Language] might be good for data from 
disparate sources. As far as the meat of 
the W3C mashup picture, I think it's 
better to look at it as technologies all 
contributing to faster, more agile 
developments of mashups." 

STRUGGLING OVER STANDARDS 

Dan Gisolfi, IBM's executive IT archi- 
tect for emerging Internet technolo- 
gies, said he thinks that at this point 
in time, mashup technologies are too 
new for the creation of standards. "It's 
similar to any other emerging tech- 
nology, where you're going to follow a 
curve," Gisolfi said. "Up front, there's a 
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lot of innovation. And then the amount 
of innovation becomes confusing, so 
we'll need some consolidation. Right 
now, I'm suggesting the need for con- 
solidation isn't necessarily there yet 
because there's still a lot of innovation 
going on." 

Nonetheless, IBM has been pushing 
its Web 2.0-based mashup maker, 
QEDWiki, and Gisolfi appeared to be 
very high on its potential. QEDwiki is 
wiki-based, and can run in a Web 
browser without the need for special 
plug-ins. Mashup creators can create a 
wiki page and select from different 
widgets. Users can then mash rich con- 
tent from different sources and work 
with the specific information they 
need. They then have the ability to 
send links to other people so that 
mashups can be shared. 

"The reason I believe in this tech- 
nology so strongly is that it's probably 
the easiest technology I've ever had to 
deal with while facing a customer," he 
said. "Once you show the customer 
what you're doing, light bulbs go on; 
they get it. [With QEDWiki], we're 
going to go out there and demon- 
strate how mashup creation should be 
done." 

Some smaller companies that have 
delved into mashup creation also said 
there are no definitive standards on the 
horizon. Officials of TopQuadrant, a 
company that offers Semantic Web 
solutions, said that they are not push- 



'[The W3C] has a variety of 
groups whose technologies 
could be used in certain 
cases for producing 
mashups.' 

—Lee Feigenbaum, chair of the W3C's 
data access working group 



ing for any particular format for the 
creation of mashups. 

"Mashups are, by definition, a merg- 
er of information from multiple 
sources," said Barbara Reichert, a 
spokeswoman for TopQuadrant. "As 
such, nobody is in a position to say, 
'Here is the best format for mashups.' 
You have to be willing to make do with 
whatever you find. So there can be no 
sensible recommendation for formats." 

Jeremy Suriel, CTO and chief archi- 
tect of Goowy Media, a San Diego- 
based company that specializes in Web 
desktops and Webtop mini-applica- 
tions, said he prefers widgets that are 
RSS-based when integrating, or mash- 
ing up, with external services. The com- 
pany's widget provider, yourminis.com, 
benefits from using an RSS/Atom- 
based API because most of the "plumb- 
ing code," such as parsing and data 
extraction, can be reused. One disad- 
vantage is that those APIs usually do 
not offer the same level of information 
and querying capabilities that would 
exist in a proprietary API. 

"I find that when people adopt and 
correctly adhere to data standards, 
consuming data becomes less complex 
and makes for better integration," 
Suriel said when asked about possible 
mashup standards. "I would love to 
see more use of Dublin Core exten- 
sions [for metadata representation in 
HTML and XHTML documents] with- 
in RSS feeds, common date formats, 



THE MAKERS OF MASHUPS 



Many technologies being proposed by the W3C for standardiza- 
tion can serve as key technologies in the creation of mashups. 
Here are the meanings behind the acronyms and initials: 

SPARQL: (Pronounced "sparkle") The SPARQL Protocol and 
RDF Query Language allows conjunctions, disjunctions, option- 
al patterns and triple patterns consisting of a subject, predicate 
and object. Proposed as a W3C standard. 

GRDDL: (Pronounced "griddle") Gleaning Resource Descrip- 
tions from Dialects of Languages is a markup format for getting 
RDF data out of XML and XHTML documents, using transfor- 
mation algorithms that are typically represented in XLST. It is 
currently a W3C working draft specification, with a recommen- 
dation expected in July 2007. 

XQuery: A W3C recommendation, this is an XML guery mark- 



up language that labels the information content of data 
sources. Examples of these are structured and semi-structured 
documents, relational databases and object repositories. From 
the simplest perspective, it does for XML what SQL did for 
databases. 

RDF: Resource Description Framework is a collection of W3C 
specifications that are a principal component of the consor- 
tium's vision of the "Semantic Web." It is a metadata model that 
is often used generically to model information. 

RSS: Really Simple Syndication, formerly RDF Site Summary, is 
an XML-based Web feed format that is commonly used to sub- 
scribe to blogs, news and digital media feeds from Web sites. 
Not currently a W3C specification, it is published by the RSS 
Advisory Board. 

—Jeff Feinman and David Worthington 



and more standardization and use of 
micro formats within XHTML pages." 
He also said that security is one of the 
biggest concerns to developers using 
mashups, as the access of multiple ser- 
vices requires a certain level of trust by 
the user. 

KEY ELEMENTS 

Though neither GRDDL (Gleaning 
Resource Descriptions from Dialects of 
Languages), a mechanism for extracting 
RDF (Resource Description Frame- 
work) data from XML and XHTML doc- 
uments, nor SPARQL is chartered 
specifically as a mashup standard, they 
both can play an integral part in the cre- 
ation of mashups. Many mashups today 
are based on screen-scraping, extracting 
text data from a Web page, but GRDDL 
offers an RDF representation based on 
transformation algorithms, which are 
typically represented in XSLT 

When a mashup creator uses 
SPARQL queries, he or she is essential- 
ly defining his or her own API, accord- 
ing to Feigenbaum. It might be too 
impractical for a mashup creator to grab 
entire documents from multiple Web 
sites, so SPARQL queries can seek out 
the necessary data interface. SPARQL 
query data does not need to be natively 
represented in RDF because GRDDL 
can tweak SPARQL results to allow 
RDF display. 

SPARQL was submitted as a candi- 
date recommendation last summer to 
the W3C, which placed it two steps 
away from final recommendation, but a 
few months later it dropped down to 
working draft status due to what 
Feigenbaum called a "few bugs." How- 
ever, Feigenbaum said he and his team 
will publish the last full draft of the 
specification by the end of April, so 
SPARQL may be only a few months 
away from becoming a full-fledged 
recommendation. 

RDF is a graphical data structure 
that many sources have labeled an ideal 
element to the creation of mashups. 
Many say that RDF s simple data model 
and ability to model disparate concepts 
are why it is a strong source for 
mashups. 

"RDF is a flexible data model to 
integrate data from different native 
representations," Feigenbaum said. 
"XML is a tree structure, and if you're 
integrating stuff, you're also going to 
need to have a structural integration 
and find places to put the different 
sources of data. If you're integrating 
with an RDF graph, you still need to 
have this idea of shared vocabulary at 
some point because you won't be able 
to integrate, but you don't need to wor- 
ry about structure. The data merges a 
little more seamlessly." I 
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Hackistan leader shakes 
confidence of I.T. world. 

Conventional firewalls unable to withstand expected onslaught. 



The conclusions of the Hackistan Study 
Group (HSG) offer an alarming assess- 
ment of the hacking threats posed by 
this rogue nation. 

Hackistan has toyed with security profes- 
sionals ever since a state-sponsored team of 
digital terrorists hacked into the FAA database 
and put Harry Truman on a no-fly list. But the 
situation is worsening, as the report cites "an 
alarming investment in Hackistan' s elite Bot 
Army/' It noted that "the growing sophistication 
of their logic bombs, Trojans and SQL injection 
techniques is gravely disturbing/' 

Many are banking on California-based 
Fortify Software, a leader in software security, to 
neutralize these threats. Commenting on Fortify' s 
groundbreaking approach, the report said that 
"protecting applications at the code level is 
increasingly being viewed as the only viable path 
to creating confidence in a very dangerous world." 

Contacted at Fortify' s global headquarters, 



John M. Jack, the company's CEO, was 
undaunted by Hackistan' s bluster, 
commenting that "true, for the rest of 
the security industry they are a devas- 
tating threat. For us, they're amateurs 
who couldn't break into my daughter's 
Kevin Federline lunch box." He added 



"We are able to identify and fix vulnerabilities 
throughout the entire development process. We 
anticipate that frustrated hackers, hungry and 
broke, will have to move back in with their 
parents in record numbers." 

No Hackistan official was available for com- 
ment, but a blog post that is believed to come 
from a senior Hackistan official (or even 
Lifetime Despot Zorkul himself) mocked the 
security efforts of government and industry, 
saying that "the chances of the world getting 
serious about code security are about as likely as 
John Jack waking up with a full head of hair." 



"The study group warned against 
pro-Hackistan propaganda that appears on 
web sites like www.discoverhackistan.com." 




Lifetime Despot Zorkul 
of Hackistan 



CEO Jack fired back: "I have ultimate 
confidence that our products Fortify SCA, 
Fortify Tracer and Fortify Defender will block 
Hackistan' s nefarious plans. Zorkul' s desperation 
is also apparent; he has chosen to attack me on 
the follicle level because they are powerless to 
reach us on the code level." 



Leading the fight against 

Hackistan is an innovative 

high-tech company called Fortify 

Software. The company said it will 

not rest until Hackistan is turned 

into a Club Med vacation spot. 




REPRINTED FROM GLOBAL SECURITY UPDATE, JANUARY 2007 • JOIN THE FIGHT AGAINST HACKISTAN • GO TO WWW.FORTIFYSOFTWARE.COM. 
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Finding a Definition of Mashup 



< continued from page 33 

means designing from user interaction 
backward, said Adobe s Costa. 

Within the enterprise, mashups are 
being created using maps to show the 
status of assets such as cell towers or 
trucks, or to provide the real-time loca- 
tion of employees. Jim 
Hirsch, director of knowl- 
edge management solu- 
tions and e-business at 
management consulting 
firm Robbins-Gioia, also 
sees knowledge manage- 
ment creeping into the pic- 
ture, reflecting a My Pro- 
file concept. 

"If you mash informa- 
tion around other services, 
the organization gets 
smarter," said Hirsch. "For 
example, a skills index and 
an expert index can be 
mashed into a profile so 
projects can be aligned 
with skills." 

Hirsch also said knowledge-based 
mashups can help bridge the gap 
between Generation Y employees, who 
are avidly adopting Web 2.0 social tools, 
and the retiring Baby Boomers, who 
serve as mentors and have deep knowl- 
edge about best practices. 




Many developers see the rise 
of user-created mashups as a 
danger, says Strikelron's Brauer. 



The main benefit of mashups for 
enterprises is speed and agility, because 
mashups can be created in a matter of 
minutes or hours. In a knowledge man- 
agement context, they can be used to 
reuse information that would otherwise 
remain hidden in applications silos. 



IT'S BUSINESS 

Most IT shops do not yet 
comprehend how mash- 
ups will affect their infra- 
structure. Oracles Farrell 
said most tend to ask Ora- 
cle or Gartner (a market 
research firm) how mash- 
ups will affect them. 

"The questions cus- 
tomers ask really depend 
on their size," said IBM's 
Boloker. "About a third 
don't know what Web 2.0 
is — it's more than AJAX, 
collaboration, standards, 
audio/video and integrat- 
ing those together." 
One of IBM's customers is currently 
using its QEDWiki to combine data 
from dissimilar systems for trading pur- 
poses because they are interested in 
post-processing. Another one — a home 
goods dealer — is aggregating store loca- 
tion data, combining it with information 



about the hottest selling items per store 
and aggregating that information with 
information about outside weather and 
severe weather alerts. The store manag- 
er can track the weather hourly to deter- 
mine whether or not he should pull 
items that would be damaged by adverse 
weather conditions. 

Boloker also said the Environmental 
Protection Agency is looking at environ- 
mental protection, oil spills and pan- 
demics in an effort to figure out whether 
they are moving toward a particular 
location. Similarly, a commodity trading 
broker is tracking cargo to protect it 
from piracy and weather. 

Many do not understand what 
mashups can and cannot do. Adobe's 
Costa said his customers have a general 
idea, but they may not have uncovered 
how they can make data available from 
key business systems. And they may not 
know which interfaces to expose until 
they need them. 

"It's easy to expose data sets via XML, 
but you need to consider the security 
model and confidentiality outside the 
company," he said. "If you're overly 
secure, you'll quell innovation. You need 
to provide a customizable dashboard 
that allows business people to build 
mashups and monitor KPIs." 

He also said most people haven't for- 



malized the process of combining infor- 
mation or developed a general means of 
pattern recognition, which is important. 
Trend analysis and pattern matching are 
more important than the data itself, par- 
ticularly given the power of visual mod- 
els and the need to make adjustments 
based on events. 

"Combining business data, graphics 
and analysis is very powerful," said Cos- 
ta. "If you create a product selector, it 
gives people a way to organize data in 
their own way, such as within a given 
price range." 

TOO EARLY FOR BEST PRACTICES 

"It's a bit early to try to figure out 
what best practices are at this point 
because we see new things every day," 
said Farrell. "A lot of it might be cool 
or interesting, but the question is 
whether it makes sense [in an enter- 
prise context]." 

Boloker agreed, stating that mashups 
are really in the beginning stages, partic- 
ularly with enterprises. Enterprise 
developers are willing to experiment 
with mashups, but they're also consider- 
ing issues like governance. 

Strikelron's Brauer and Adobe's Costa 
think it's never too early to think in terms 
of best practices — but thinking seems to 
be the operative word at this point. I 
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FROM THE EDITORS 

Lack of Mashup Standards 

What is a mashup? Chances are that your definition doesn't match 
ours, or that of your colleagues down the hall or across the street. 
How should mashups work? Ask five development managers, and you'll 
get five different answers. What standards should govern mashups? 
Beyond Web services, the WS-* stack and the REST stack, there's again 
little agreement. 

That is a good thing, because mashups are too new, and are evolving 
too rapidly, for creativity and innovation to be stifled by standards. 

SD Times, like many in the software development industry, has a 
love/hate relationship with both de facto industry specifications and de 
jure legitimate standards. Where solid standards exist, and where those 
standards are built atop vendor-neutral best practices, we are generally 
in favor of them — as we are with anything that improves interoperability 
and minimizes the potential for vendor lock-in. 

However, we also know that standards, when they appear too early, 
can have a detrimental effect on technology evolution. Freedom to inno- 
vate is what's needed — not only for big software companies, but also for 
small software companies, open source projects, ad hoc industry groups, 
consultants and development teams within enterprises. 

Of course, some development teams may hesitate to work on mashups 
because of the lack of standards (and because of worries that their work 
will need to be redone when standards do emerge). That's a natural con- 
cern. However, the benefits from mashups — both on a large scale and in 
more narrowly defined areas — can be tremendous and offer immediate 
value to the enterprise and its customers. 

So, don't let the lack of mashup standards deter your efforts. You 
should celebrate the lack of standards, and resist efforts from software 
companies to push specific techniques or drive the development of stan- 
dards at this early phase of mashup evolution. Now is a golden opportu- 
nity for experimentation. Let's not cut this phase short just to satisfy the 
industry's seemingly bottomless appetite for standards. 

Browsers Aren't Easy 

The past is behind us. Individual systems don't matter. Standalone 
rich clients are done for. The days of 10 different Unix versions 
and 20 different desktop operating systems are long gone. We've got 
the Web now, and it's a unified, compatible and highly flexible plat- 
form, right? 

Well, yes and no. While Webifying every little aspect of your business 
may be a top priority, it's also a very tricky proposition when you consid- 
er the browsers your customers will be using. Building an AJAX applica- 
tion that will behave the same way in Firefox, Internet Explorer 7, Opera 
and Safari is a task that has toppled many a development project, new 
though the issue may be. 

Despite the convergence of media on the Web, it is the browser that 
is now the biggest pain point for most development teams. Rather than 
building an application once and forgetting about it, the task now 
becomes building an application once for Firefox, once for Opera, once 
for mobile browsers, once for Internet Explorer, once for Safari, once for 
Lynx. . . the trail of tears never seems to end. 

Who's to blame? The Mozilla Foundation would say that everyone else 
is screwing up the language that its predecessors designed (JavaScript), 
Microsoft would say that everyone else is messing around with its XML, 
and Apple would complain that it picked a bum horse when it saddled 
Safari on top of KHTML. 

While placing blame gets tougher every year — the various browsers 
innovate in their own ways and extend functionality in new and exciting 
proprietary ways — the further apart the browsers become, and the more 
money Adobe makes from newcomers who see Flash as the solution: 
After all, Flash applications run the same in every browser. Every graph- 
ical browser, anyway. I 
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eve all heard this stern admonition 
from our mothers all our lives: 



Better safe than 



sorry 



Lon Macvittie 



When it comes to the Internet and 
security in software development, howev- 
er, this adage of wisdom tends to be 
ignored. It's all about "time-to-market" 
and "get ahead of the competition." Both 
quality and security of software have been 
sacrificed to the gods of "get out there 
first." Security experts and practitioners 
have tried to remind us that an ounce of 
prevention is worth a pound of cure, but 
they've largely been ignored 
and even ridiculed as little more 
than paranoid fearmongers. 

That's OK. I've been called 
worse. After all, you're not 
paranoid if they really are out 
to get you. And yes, it's fairly 
obvious to anyone paying 
attention that the bad guys 
really are out to get us — or at 
least our personal, private, 
secret information. 

THE UGLY TRUTH 

Let's face reality instead of pretending 
the Internet is a digital Walden Pond. As 
consumer use of the Internet has bal- 
looned, we've seen imagined threats grow 
into real attacks, time and time again. As 
new technologies are introduced and 
adopted, vulnerabilities are discovered 
and exploited. Security-paranoid pundits 
warned that as the Firefox browser grew 
in popularity, the number of attacks and 
exploits available for the burgeoning plat- 
form would grow as well. While there is 
still contention regarding the way in 
which the statistics are presented, these 
arguments are largely irrelevant and 
merely mask the ugly truth: The paranoid 
security pundits were right. 

Now consider the newest technology 
craze sweeping the Internet: AJAX. 
Developers are all agog over AJAX, and 
with good reason. Toolkits like Dojo, Zim- 
bra and a plethora of open source and 
commercial offerings have given us that 
which we have long desired: sexy, easy-to- 
implement user interfaces that act more 
like fat clients than Web pages, without all 
the cross-browser compatibility issues. 

How could we resist? Just whip up a 
few server-side scripts to deliver compo- 
nent-specific data to go with that sexy 
interface and — voila — real-time, interac- 
tive applications in a browser requiring 
very little mucking around with XML and 
XSL or any other of those newfangled 
X-prefixed markup languages. AJAX 
opens up new opportunities for collabo- 
ration and interaction with people and 
systems. It gives a face-lift to existing sites 
and energizes the imagination of devel- 
opers, enabling them to dream up and 
develop the next killer site on the Inter- 
net. It is, quite simply, an addictive tech- 
nology for developers. 




But for hosting providers and enter- 
prise-class organizations, there's some- 
thing missing in the AJAX equation: 
security. And there is a growing aware- 
ness of XML-based markup languages 
on the seedier side of the Internet that 
will eventually spread like chickenpox 
through a kindergarten class. 

YOUR APP, YOUR PROBLEM 

Let's assume for a moment — excuse me 
while I try to stop laughing — that we're 
able to write 100 percent secure code 
ourselves. Our code has no 
possible paths of exploita- 
tion, no vulnerabilities; it's 
invulnerable. 

Unless you've written 
every line of code yourself, 
or validated every line of 
code in that Web 2.0 toolkit 
you're using, you're still at 
risk. Remember the zlib 
exploit? Any code, especially 
third-party code, introduced 
into your application raises the risk that 
your application is vulnerable because 
you don't have control over that code. 
And that's assuming that we can write 
100 percent secure code in the first 
place, which we all know from experi- 
ence just doesn't happen. 

The fact that we're now talking about 
a technology that's implemented via a 
human-readable scripting language sim- 
ply raises the probability — not possibili- 
ty — that there are vulnerabilities present. 
Not only do scripting languages make it 
easier to find and code exploits, but now 
you're executing logic on the server and 
the client, and you've got to concern 
yourself with both sides of the equation. 
Whether your Web 2.0 application uses 
XML or JSON, JavaScript is involved, 
and that introduces the possibility that 
malicious code can be delivered to the 
client and wreak havoc on the end user. 

The response to most published 
JavaScript advisories in the past has 
been: "I have JavaScript disabled." That's 
well and good for traditional applica- 
tions, but we're talking about Web 2.0 
here. It relies on JavaScript and there- 
fore assumes the burden of both third- 
party libraries and the scripting engine in 
the browser, not to mention the browser 
itself. Any vulnerability in these entities 
affects the security of your Web 2.0 
application, and pointing fingers at a 
third party is not an answer your cus- 
tomers or users will accept. It's your 
application; therefore it's your problem. 
Go ahead: Try to explain the assign- 
ment of responsibility for security 
between that Web 2.0 library and your 
code to a user. If they've had their iden- 
tity or personal data compromised, I can 
guarantee they — and any applicable reg- 
ulatory agencies — don't give a damn. 
They aren't interested in understanding 
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whose code is really at fault; they just 
want someone to blame, and it was your 
application they were using. 

Perhaps of even greater concern is 
the possibility of exploitation of server- 
side code and applications through your 
code or third-party toolkits. Traditional 
Web-based attacks based on cookie tam- 
pering and code injection are just as 
valid in a Web 2.0 world as they are in 
the "legacy" Web world. If you aren't 
validating and scrubbing the data in both 
directions, then you're taking unneces- 
sary risks with your corporate data — 
data that ultimately may be protected 
under a plethora of regional, state and 
federal laws. 

Web 2.0 applications are by their 
nature component-centric. Toolkits and 
the paradigm lend themselves to the 
creation of multiple scripts on the server 
to support a single "page" in the applica- 
tion. Every script must necessarily con- 
tain code to validate data and ensure 
validity of user access. 

So you have a higher number of 
scripts, which equals more code that 
could be vulnerable, and to top it all off, 
you mix in some XML. The use of XML 
as the application-layer transport for data 
only makes security more difficult, pri- 
marily due to the lack of a well-defined 
schema for Web 2.0 messages. While 
XML can be strongly typed, it rarely is, 
which leaves it up to you to determine 
what an appropriate length and data type 
will be for each and every field. Assuming 
you can accomplish this, you'll need to 
back up one level and determine how 
best to protect XML from its biggest 
threat — itself. The self-defining aspects 
of XML make it vulnerable to a number 
of attacks based on its very structure. 
Those attacks direct themselves not at 
you or your application, but at the parser 
used to turn that XML into something 
useful to your application. No amount of 
coding on your part can mitigate this par- 
ticular risk. 

Are you starting to get paranoid yet? 
You should. 

MOTHER KNOWS BEST 

Between toolkits, the nature of XML, 
server-side scripts and JavaScript there 
exists an attack vector comprising some 
million or more possible exploits for your 
sexy new Web 2.0 application. Have you 
got them all documented? Have you test- 
ed against each one? I doubt it. 

This isn't the dot-com era, folks, and 
the punishment for messing up these 
days isn't just a bad reputation and lost 
revenue; it can mean heavy fines and 
even prison time for the people who cut 
your paycheck. 

Remember, you aren't paranoid if they 
really are out to get you. Trust me, they are 
out to get you. So this once, listen to your 
mother: It's better to be safe than sorry. I 

Lori MacVittie is technical marketing man- 
ager at F5 Networks, which sells appli- 
cation and network security products. 



LETTERS TO THE EDITOR 

Right All the Time 



No more left turns? According to Unit- 
ed Parcel Service (UPS), turning left 
wastes time, fuel and introduces risk. So 
"Brown" has more or less banned the 
practice of turning left as a business 
process optimization measure. Why do 
organizations go to these lengths to 
wring pennies and seconds from their 
processes? Because seconds count and 
because those organizations have 
matured their processes to the point that 
they're highly optimized and only highly 
incremental improvements can be 
made. 

If UPS is an example of truly opti- 
mized business process, software devel- 
opment is its perfect counterpoint. 
We're all familiar with the storied histo- 
ry of software project failure. While the 
rest of business is subject to close scruti- 
ny and deep analysis, software develop- 
ment processes are left to chance. Why? 
Because software development has 
always been considered a black art — a 
highly creative, spontaneous and 
unstructured craft that can't be 
rushed — or even closely managed. 

Of course, software development is a 
creative process, and it will never have 
the uniform repeatability of something 
like shipping packages. But just the 
same, software development is a busi- 
ness process — and a costly and highly 
valued one at that. Allowing the prepon- 
derance of software development pro- 
jects to whither on the vine because of 
an outmoded perception that software 
development is a gestalt that can't be 
fully understood and held to business 
standards is a convenient argument 
without merit. 

A key part of optimizing software 
development processes is helping orga- 
nizations to understand the use of time. 



How much time is spent actively coding, 
debugging, building, testing software? 
What is the relative allocation of time 
across projects? This empowers organi- 
zations to align resources to the highest 
yield outcome. 

Typically this sort of data would 
come at an excessive cost: developers 
distracted from their core responsibili- 
ties and subject to manually entering 
their time. Of course this is directly at 
odds with the mandate of process opti- 
mization. This is a key opportunity for 
automation. Software engineers, like 
many knowledge workers, spend the 
majority of their time in computer- 
based tools and applications. With the 
richness of today's technologies, it is 
now possible to tap into these tools to 
automatically extract data about the 
execution of the software development 
process — without distracting the 
developer or requiring them to work 
differently. 

This sort of automation will create 
unprecedented visibility into software 
development processes, empowering 
organizations and helping to eliminate 
the proverbial left turns that contribute 
to software project failures. The good 
news is that this isn't science fiction. 
Some software development organiza- 
tions are doing this today, particularly in 
the context of offshore development 
where visibility and managerial control 
are major challenges. 

Greg Burnell 

CEO 

6th Sense Analytics 

Letters to SD Times should include the writer's name, 
company affiliation and contact information. Letters 
become the property of BZ Media and may be edited. 
Send to feedback@bzmedia.com. 



Visualization Gains 

In Development Deployment 

Virilization is being used as a solution for pro- 
duction deployments as often as it is used as a 
development tool, according to a recent 
Aberdeen Group report titled "Justifying the 
Cost of Uptime." The survey of 140 companies 
indicates that while just under a third of the sam- 
ple was not using virtualization in any way, about 
2 out of 5 respondents had adopted virtualiza- 
tion for application staging. 

Most telling, more than half of the respon- 
dents indicated that they had adopted virtualiza- 
tion methods during application development, 
while the same number are using virtualization 
on production systems. The report also notes 
that 3 out of 5 respondents are using shared 
storage; 34 percent installed a storage sharing 
setup as part of implementing virtualization, 
while 28 percent already had one in place. 
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> JAVA"* TECHNOLOGY IS NOW OPEN-AND SO ARE THE POSSIBILITIES 

The 2007 JavaOne 5M conference has expanded and is definitely one conference you won't want to miss. With the decision 
to open source Java™ technology, 2007 marks a major milestone for the Java platform. Whether your passion is scripting 
languages, open source, SOA, Web 2.0, mashups, or the core Java platform, this is a conference that has something for 
almost all technology developers. 



LEARN MORE ABOUT: 

> Scripting 

(JavaScript'" Programming Language, PHP, Ruby on Rails, Python, and More) 

> Open Source and Community Development 

> Integration and Service-Oriented Development 

> Web 2.0 Development 



>AJAX 

> Java Technology and the 
Core Java Platforms (ee/se/me) 

> Compatibility and Interoperability 

> Business Management 



""$100 

Register Today! 



Please use priority code: J7PAMT 

* Content subject to change. 
** Offer not available on-site. 



Attend the JavaOne conference, and you will have many opportunities over the 
course of four days to network with like-minded developers; attend in-depth 
technical sessions; engage with your peers in Hands-on Labs and BOFs; and 
experience general sessions featuring speakers from Intel Corporation, Motorola, 
Oracle, and Sun Microsystems. Meet face-to-face with leading technology 
companies, and test-drive the latest tools and technologies shaping the industry. 
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The research arm of BZ Media (pub- 
lisher of SD Times) periodically 
releases results from studies it makes of 
the software development marketplace. 
One study it runs annually is an assess- 
ment of the Java market. The resulting 
document provides quantitative year- 
over-year snapshots of movements in 
the Java market, from which trends and 
sudden shifts can be identified. In this 
column, I want to examine a few of the 
market changes that appear in the 
recently released report from Decem- 
ber 2006. 

The most notable trend is the decline 
of enterprise Java (which includes both 
J2EE and Java EE). Whereas in 2003 
the number of sites using or planning to 
use enterprise Java was at 67 percent, 
that number had dropped to barely over 
60 percent. What's interesting about this 
number is that until 2006, the number 
drifted down very slowly, but steadily. 
Then in 2006, it suddenly dropped 5.5 
percent. 

While the survey does not reveal 
causes, we can extrapolate certain possi- 
bilities. Ruby aficionados are likely to 
believe that Ruby on Rails (RoR) is 
responsible for part of the decline, but I 
doubt this explanation. RoR replaces 
smaller-scale projects of the Tomcat- 



Trends in Java 

cum-JDBC variety rather than J2EE 
apps; RoR has never held itself out to be 
an enterprise solution. Rather, I think 
the decline comes from one factor: The 
complexity of J2EE is forcing sites to 
seek other options. One option that 
would sustain the enterprise Java figures 
is Java EE, but there is only one 
app server that currently sup- 
ports it: Suns Glassfish. If the 
other app server vendors 
(notably, IBM, JBoss and 
BE A) release Java EE imple- 
mentations, I expect the Java 
enterprise numbers would 
begin to rise again. But I 
doubt this will happen soon. 
IBM's Rational family of 
IDEs has no support for Java 
EE 5, at present. And Eclipse 
has only minor, incipient support. The 
irony is that Java EE is a big step for- 
ward. But you'd never know it from the 
market or the press. Sun has its work cut 
out for it. 

The expected diminution in Java SE 
that Ruby could have brought, and many 
people say is bringing now, does not 
appear in these figures. J2SE usage 
actually increased in 2006. Not by much, 
but it increased nonetheless. 

Among specific Java server tech- 
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nologies, the largest gain was notched 
by JSF. The numbers for JSP dropped 
commensurately. I suspect this trend 
will continue; and in a few years, pure 
JSPs and Struts will both be viewed as 
legacy code. 

Among application servers, the Big 
Three — in order: IBM, JBoss and BEA — 
have maintained their same 
respective positions. All, how- 
ever, saw declining numbers in 
2006. The two big increases in 
app servers were Apache 
Geronimo, at 12 percent of 
sites; and Glassfish, already in 
use at nearly 5 percent of sites. 
Among tools vendors, all 
the major IDEs had increas- 
es. The biggest gain was by 
Sun NetBeans, which is now 
in second place, having passed the 
Rational products in 2006. I recently 
reviewed NetBeans for Info World mag- 
azine, and was impressed by version 5.5. 
However, the 6.0 release, which should 
be out in May, looks much better yet. 
It's worth downloading a beta from 
netbeans.org just to have a look-see, 
especially if you're tiring of the heavy 
feeling of Eclipse, which remains in first 
place in the survey by a sizable margin. 
Emacs usage predictably fell off, as did 



IntelliJ IDEA. This latter drop surprises 
me because of how widespread the 
admiration for IntelliJ is. I suspect that 
it's due to the fact that the gap it has 
maintained over the other IDEs is clos- 
ing, and so there is not quite enough 
advantage for it to gain new adherents. 
It would be a shame to see this trend 
continue. IntelliJ remains the most intu- 
itive and intelligently designed Java 
IDE. One problem is that the IntelliJ 
folks do nearly no marketing, so they are 
heavily dependent on word of mouth. 
When Java was truly a community, that 
could work, but not so much today. 

What is clear is that enterprise Java is 
going through a transition. It's hard to 
tell exactly what the causes are, and it's 
difficult to see if the dip is a trend or a 
one-time event. Much will depend on 
the uptake for Java EE 5 during this cal- 
endar year. Java, as a whole, does not 
seem terribly affected by the Ruby or 
RoR phenomenon. Again, this could 
change during the coming year, although 
I think it's equally likely that the advent 
of JRuby will give Java technologies a 
new role. JRuby could well be the first 
widely used scripting language in Java. 
There's lots to see. I'll pick up this theme 
after next year's study, and we can see 
how things have progressed. I 

Andrew Binstock is the principal analyst 
at Pacific Data Works. Read his hlog at 
binstock. hlogspot. com. 



A Pwn in the Game of Life 



I've been pwned. I work with globally 
distributed teams, and it's often the 
case that we coordinate our work via a 
development-tool server located at a 
commercial Internet host. In this case, 
the client chose a host whose front page 
boasts of hosting more than 700,000 
Web sites and prominently features a 
"Hacker Safe" blaze provided by 
ScanAlert. We rented several dedicated 
machines running Windows Server 
2003. 1 received a root account and pass- 
word and started installing. 

I don't normally do systems adminis- 
tration tasks, but the deployment archi- 
tecture for this system was somewhat 
complex, and the client asked me to do 
the installs. Perhaps accepting was a 
grave mistake — I'll certainly hesitate 
before touching an Internet-attached 
operating system again — but it didn't 
seem like a big deal: Install the various 
applications, service packs for SQL 
Server, and be reasonably careful about 
user names and passwords. 

The work took several days but didn't 
have any obvious problems. My disci- 
pline on passwords and default accounts 
was at least nontrivial (no obvious 
account names such as 'admin' or 'root,' 
passwords at least eight case-sensitive 
characters, with both numbers and let- 
ters). Access was via Microsoft Remote 



Desktop. As far as Microsoft servers go, 
I had turned off IIS, FTP was non- 
anonymous and user-isolated, and I 
didn't start SQL Server until I installed 
the latest service pack. I was running 
both Apache httpd and Apache Tomcat, 
and although I'd configured them to 
have our URIs accessible, it's also true 
that I didn't remove the 
default "It works!" pages. Our 
development servers were 
Subversion for version control 
and the excellent task man- 
agement tool Jira. 

You'll notice that I haven't 
said anything about the OS 
patch level. That's because I 
have no idea what it was. 
You'll notice that I haven't 
said anything about firewalls. 
That's because there wasn't one. These 
confessions should justifiably drain a 
large amount of whatever sympathy for 
my position you have. I assumed that a 
server system would never be attached 
to the Internet without a reasonable 
patch level, a firewall and NetBIOS not 
bound to TCP/IP. But, in the famous 
construction, to "assume" makes an ass 
of you and me. While I think the hosting 
company was negligent in what it pro- 
vided us, I should have noticed the 
problem. In particular, I failed to regis- 




ter that I did not need to request or 
make any adjustments to make the Sub- 
version server port available to our team. 
Jump forward almost two weeks. 
After a client meeting, I went to enter 
notes in Jira, but my browser timed out 
while trying to log on. Using Remote 
Desktop, I logged on to the develop- 
ment server and saw that it 
had restarted a few hours ear- 
lier. Attempts to restart Jira 
were of no avail. Jira is writ- 
ten in Java, and my first 
thought was the usual sus- 
pects of someone futzing with 
environment variables. How- 
ever, some confused time 
later I had an extraordinary 
experience: I directly un- 
zipped the installation pack- 
age's .class files into the appropriate 
directory, but they didn't appear. I had 
unzipped them, watched their filenames 
scroll by, but a "dir" revealed. . .nothing. 
Great confusion ensued, but to make 
a long story short, Sophos Anti-RootKit 
correctly diagnosed that the system was 
compromised by a rootkit called Hacker 
Defender. It not-quite-automatically 
allowed me to locate and delete the crit- 
ical initialization file and application. On 
reboot, I discovered that the hackers 
had not only turned on IIS, they were 
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using it to serve a nontrivial Java-based 
Web service. One of the capabilities of 
Hacker Defender is to hide files from 
Explorer (presumably by hooking kernel 
.DLLs and filtering certain patterns). 
The hackers used this capability to hide 
their service (a file-sharing application 
controlled from IRC. All this grief to 
trade such treasures as — no kidding — 
the German dub of "Norbit"). When the 
system rebooted, Hacker Defender hid 
Jira's files as well. Had I not seen the 
baffling "disappearing .class files" prob- 
lem, I would not have looked for the 
rootkit. 

The rootkit and its file-trading pay- 
load were only symptoms. The system 
had been compromised by some other 
vulnerability. What, I don't know. Later, 
it became clear that several machines on 
the subnet were compromised, bolster- 
ing the thought that the host's initial 
setups were targeted. Once compro- 
mised with a rootkit, a complete repave 
is the only trustworthy solution. In some 
ways, we were lucky. Our application did 
not have real data in it yet, and several of 
us had recent checkouts from the Sub- 
version server, but agonizingly we had 
no backup of the task database. 

When we bring it back up, with a new 
host, I know what the first task I enter will 
be: Hire security consultant for audit. I 

Larry O'Brien is a technology consul- 
tant, analyst and writer. Read his hlog at 
www. knowing. . net. 
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It's Time for Your Review 



Industry Watch 



Good writing is an art — one I freely 
admit I'm still hoping to master 
even after having earned a living at it for 
more than 25 years. I'll write something, 
read it aloud, make a few changes, read 
it again, then virtually ball it up for a toss 
into my recycle bin. 

When I get to a point where I think I 
have something good, I'll ask one of the 
other editors or writers near- 
by to take a look at it, and let 
me know what they think of 
the effort. They'll often show 
me how I could have eliminat- 
ed an entire paragraph of 
explanation with a more ele- 
gant turn of phrase higher up 
in the piece, or that an argu- 
ment I'm making in a column 
is disjointed, and that para- 
graphs need to be rearranged 
to make the case more clearly or strong- 
ly. Or, they simply say, this section here 
just makes no sense. 

Grammar and spelling? Not an issue. 
Like many of us, I do most of my writing 
in Microsoft Word, which has great auto- 
mated tools built in to prevent me from 
juxtaposing letters in a word, or from 
mangling my subject/verb agreement. It 
saves me plenty, believe you me. 

But the automated checkers cannot 
inform me that one well-written sentence 
could take the place of an entire, clumsi- 
ly worded paragraph. They can't tell me 
that, after scanning the piece from top to 
bottom, the point I started out to make 
isn't the one I delivered at the end. 

The same is true for writing software. 

There are great automated coding 
tools that go far beyond auto-comple- 
tion. They'll let you know if you're vio- 




lating a policy, or if all functional specifi- 
cations work as desired. But even the 
best testing tools can't tell you, for a very 
simple example, if your code matches up 
with the documentation, or does what 
the requirement intended. 

And so, at the SD West Conference 
& Expo held in mid- March in Santa 
Clara, more than one software company 
was advocating for the wide- 
spread adoption of peer code 
reviews. 

One of them, Jason 
Cohen, founded a company 
called Smart Bear Software 
that — as you would expect — 
makes and sells a tool for peer 
code review. He took some 
time from distributing a book 
he wrote with his colleagues 
called "Best Kept Secrets of 
Peer Code Review" to talk about its ben- 
efits with me, regardless of tool. 

Peer code review, he stated flatly, 
reduces the number of errors that get 
into code, and so is a savings all the way 
down the development line. In his 
book, he cites an example in which 
peer code review saves a company half 
of the cost of fixing the defects, and 
adds that 162 additional errors were 
found during the review. 

Cohen asserts that one of the things 
holding back greater adoption of peer 
code review is that the formal processes 
laid out in works by such notables as 
Michael Fagan and Karl Wiegers involve 
seven-phase meetings with assigned 
roles to prevent defects from getting 
into code. The whole process of defect 
detection and correction simply takes 
too long when done in this way to be 



practical to many organizations, Cohen 
notes in his book. He acknowledges the 
meetings are successful in detecting 
defects, but says most organizations 
can't afford to tie up their sharpest 
developers in lengthy meetings. 

Formal review meetings also don't 
align themselves well with iterative or 
agile development processes, Cohen 
said. "A formal meeting of four people 
for two hours, which is a proper Fagan 
inspection... that's a day" in terms of 
man-hours, he said. 

At the other end of the spectrum, 
there's the over-the-shoulder, "Hey Bob, 
can you take a quick look at this?" tech- 
nique. "Any review is better than no 
review," Cohen said. The shortcomings 
of this method, though, are clear. You're 
just not getting a lot of coverage, it's not 
enforceable, and there are no metrics. 

Other methods include what Cohen 
calls the e-mail pass-around process, 
which is difficult to follow when you start 
talking about errors in line 31, but line 31 
is now line 17 because changes have been 
made to the code; and pair programming, 
as advocated in agile processes. 

Paula Rome, director of product 
management at Seapine Software, told 
me during an interview at the confer- 
ence that it's important to identify up 
front what you want to do with code 
review. "A sometimes overlooked value 
is to get senior developers mentoring 
junior developers" in a way that comes 
off as less formal and is better received. 

Peer code review is also a way to 
enforce adherence to good style guide- 
lines, such as logging, or code check-in, 
or build, Rome added. "The key," she 
said, "is figuring out the process you 
want to impact." I 
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Embedded systems software provider Enea has acquired Sweden- 
based Linux solutions seller QiValue Technologies. Enea expects 
to pay US$1.2 million, with additional payments possible based on 
QiValue's financial performance through 2009. QiValue employs 13 
people, offering Linux services and training to equipment 
makers— primarily in the telecom and medical industries— as well 
as development of Linux-based embedded platforms. Embedded 
Linux is an important piece of Enea's Accelerator platform, accord- 
ing to a statement by Enea president and CEO Johan Wall. Accel- 
erator allows telecom equipment makers to more efficiently pro- 
vide carriers with converged network solutions, Wall explained. 
Enea expects the deal to contribute $2 million in revenue to the 
company during 2007 . . . RadView Software has raised US$2 
million through private placement. Select institutional and 
accredited private investors in Israel, led by Meitev Under- 
writing, have entered into a definitive agreement to purchase 
32,907,014 ordinary shares from RadView. "The completion of 
this financing will help to restore confidence in RadView's 
financial position and marks a significant turning point for the 
company," said Jaron Lotan, chairman of the board of Rad- 
View. "With the support of an active investor group, we look to 
explore new and exciting directions for the company." 



EARNINGS: TIBCO Software has disclosed its quarterly finan- 
cial results. Its first quarter gross revenues of US$125.7 mil- 
lion and net income of $10.4 million exceeded last year's 
results of $114.6 million and $5.6 million, respectively. Earn- 
ings were 5 cents per diluted share. The company added 48 
new customers to its roster and closed 75 deals worth more 
than $100,000 and 13 deals valued at more than $1 million, 
according to the financial statement. Cash flow from opera- 
tions was $42 million and its accounts receivable increased 
from $24.02 million to $46.84 million. License revenue is up 
from $48.1 million in 2006 to $52.2 million this past quarter. 
Likewise, revenues obtained from service and maintenance 
contracts rose from $66.4 million to $73.5 million. Operating 
expenses were slightly higher in relation to sales and market- 
ing activities, with a slight rise in general and administrative 
costs. "TIBCO delivered a strong start to our fiscal year with 
our Q1 results, especially in terms of cash flow and profitabili- 
ty," said Vivek Ranadive, TIBCO's CEO and chairman of the 
board. "Demand for our software infrastructure platform con- 
tinues to be driven by core business needs within companies 
and by the maturation of technology trends in SOA, BPM and 
predictive business." I 
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SNA Software April 15-17 

Strategy Summit 

San Francisco 

SOFTWARE & INFORMATION INDUSTRY ASSOCIATION 

siia.net/s4/2007 



Web 2.0 Expo 


April 15-18 


San Francisco 




O'REILLY MEDIA 




www.web2expo.com 




Gelato ICE Itanium 


April 15-18 


Conference & Expo 




San Jose 




GELATO FEDERATION 




www.ice.gelato.org 




Software Security Summit 


April 16-17 


San Mateo, Calif. 




BZ MEDIA 




www.S-3con.com 




Software Test & 


April 17-19 


Performance Conference 




San Mateo, Calif. 




BZ MEDIA 




www.stpcon.com 




CA World 


April 22-26 


Las Vegas 




CA 




www.caworld.com 





MySQL Conference & Expo April 23-26 

Santa Clara 

MYSQL AND O'REILLY MEDIA 

www.mysqlconf.com 



Microsoft MIX07 


April 30-May 2 


Las Vegas 




MICROSOFT 




visitmix.com 




IT 360° 


April 30-May 2 


Conference & Expo 




Toronto 




ITW0RLD CANADA 




www.it360.ca 





IDUG North America May 6-10 

San Jose 

INTERNATIONAL DB2 USERS GROUP 

conferences.idug.org 

VSLive May 6-10 

Orlando, Fla. 

FAWCETTE TECHNICAL PUBLICATIONS 

www.ftponline.com/conferences/vslive 

JavaOne May 8-11 

San Francisco 

SUN MICROSYSTEMS 

java.sun.com/javaone/sf 



WinHEC 

Los Angeles 
MICROSOFT 

www.microsoft.com/whdc/winhec 



May 14-17 



STAR EAST 

Orlando, Fla. 

SOFTWARE QUALITY ENGINEERING 

www.sge.com/stareast 

RailsConf 

Portland, Ore. 

O'REILLY MEDIA AND RUBY CENTRAL 

conferences.oreillynet.com/rails 



May 14-18 



May 17-20 



Open Source 
Business Conference 

San Francisco 
IDG WORLD EXPO 

www.linuxworldexpo.com/live/13 



May 22-23 



For a more complete calendar of U.S. software 
development events, see www.bzmedia.com/calendar. 
Information is subject to change. Send news about 
upcoming events to events@bzmedia.com. 
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